svchost outgoing every 3 min

dnahunter · June 12, 2013

Hello MBAM keeps saying website block. website is:46.249.61.94 Type outgoing, Port=47000+. This keep going on every 3 mins . DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 1.6.0_39

Run by THMark at 21:01:33 on 2013-06-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5609 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

C:\ASUS.SYS\config\DVMExportService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\ARRRGHHH!!\HiPatchService.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Steam 2\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\wbem\wmiprvse.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\THMark\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "C:\Program Files (x86)\Steam 2\Steam.exe" -silent

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [AdobeBridge] <no file>

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Download all by FlashGet3 - C:\Users\THMark\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - C:\Users\THMark\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{3FD03C73-2DA3-4BF2-BBC3-35FA76540AB3} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{6270270B-9F29-4756-B371-C7BDBA678C86} : DHCPNameServer = 192.168.1.133

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\THMark\AppData\Roaming\Mozilla\Firefox\Profiles\0qllv7u0.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll

FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll

FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: G:\New folder\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113933&tt=120812_bandext_3212_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 1e666e7c00000000000002004c4f4f50

FF - user.js: extensions.BabylonToolbar.instlDay - 15564

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.615:48:43

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys [2011-7-16 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys [2011-8-27 931448]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130521.011\BHDrvx64.sys [2013-5-28 1390680]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-13 283200]

R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130611.001\IDSviA64.sys [2013-6-11 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys [2011-9-13 171128]

R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys [2011-9-8 386168]

R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-7-10 75144]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-7-10 385416]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\ARRRGHHH!!\HiPatchService.exe [2013-4-4 9216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 701512]

R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]

R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]

R2 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]

R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-9-20 137224]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-10 3560288]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-24 25928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-7-10 397704]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-11 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-11 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-11 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-25 1255736]

S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [?]

.

=============== Created Last 30 ================

.

2013-06-12 03:57:11 -------- d-----w- C:\Users\THMark\AppData\Local\{358D293F-3171-4A14-B3B9-D42F32B68222}

2013-06-11 16:31:01 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE81F950-7FAF-4341-A8D7-685562AEAE08}\mpengine.dll

2013-06-10 03:43:14 -------- d-----w- C:\Users\THMark\AppData\Local\Warframe

2013-06-09 03:39:35 -------- d-----w- C:\Users\THMark\AppData\Local\FreeOCR

2013-06-09 03:35:03 -------- d-----w- C:\Users\THMark\AppData\Local\assembly

2013-06-09 03:34:45 2680320 ----a-w- C:\Windows\SysWow64\ImageEnXLibrary.ocx

2013-06-09 03:34:43 -------- d-----w- C:\FreeOCR

2013-06-09 03:32:52 -------- d-----w- C:\Program Files (x86)\Temp

2013-06-05 15:42:55 -------- d-----w- C:\Users\THMark\AppData\Local\{19AE5637-162C-43D7-AF94-C748693EB32F}

2013-06-05 10:01:47 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-05 01:20:51 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll

2013-06-03 03:04:52 -------- d-----w- C:\Users\THMark\AppData\Local\{9AD8D4DB-F944-4F62-9B43-2EC362AD5D4D}

2013-05-17 18:21:04 -------- d-----w- C:\ProgramData\boost_interprocess

2013-05-16 14:49:42 -------- d-----w- C:\Users\THMark\AppData\Local\{BA883505-911C-4F42-9431-2A3785952414}

2013-05-15 22:59:18 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 22:59:18 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 22:59:18 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 22:59:06 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 22:59:05 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 22:59:05 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 22:59:05 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 22:58:53 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 22:58:53 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-15 22:58:53 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-14 20:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-05-14 20:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2013-06-05 10:01:47 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-14 19:07:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 19:07:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-24 07:26:43 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-04-24 07:26:43 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-04-24 06:55:12 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-07 16:02:04 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 21:03:11.27 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/24/2011 11:37:40 PM

System Uptime: 6/11/2013 8:53:49 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4A88TD-M/USB3

Processor: AMD Phenom II X6 1090T Processor | AM3 | 3200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 131 GiB total, 32.867 GiB free.

D: is FIXED (NTFS) - 50 GiB total, 8.669 GiB free.

E: is FIXED (NTFS) - 200 GiB total, 46.234 GiB free.

G: is FIXED (NTFS) - 150 GiB total, 76.511 GiB free.

H: is FIXED (NTFS) - 100 GiB total, 24.039 GiB free.

I: is CDROM ()

J: is CDROM (CDFS)

Z: is FIXED (NTFS) - 600 GiB total, 254.088 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acronis Disk Director Suite

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS6

Adobe Reader X (10.1.7)

Adobe Shockwave Player 11.6

AhnLab Online Security

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArtMoney SE v7.37.2

ASPCA Reminder by We-Care.com v4.0.19.1

Audacity 2.0

AVS Document Converter 2.0.1

AVS Ringtone Maker version 1.6

AVS Update Manager 1.0

AVS4YOU Software Navigator 1.4

black-ops.themepack

BlueStacks

Bonjour

Champions Online: Free For All

Cheat Engine 6.1

Core Temp version 0.99.8

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Express Gate

FIFA 12 © EA version 1

FlashGet 3.7

Galactic Magnate v1.2

GameMaker 8.1

Ghost Recon Online (NCSA-Live)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Guild Wars 2

Happy Cloud Client

Heroes of Newerth

Hex Workshop v6.6

Hi-Rez Studios Authenticate and Update Service

Homefront

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

HydraIRC

iCloud

InstaCodecs

iTunes

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java 6 Update 39

K-Lite Codec Pack 7.8.0 (Full)

Kabod

League of Legends

MahjongWorld (uninstall only)

Major League Baseball 2K12

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Expression Blend 3 SDK

Microsoft Expression Blend 4

Microsoft Expression Blend SDK for .NET 4

Microsoft Expression Blend SDK for Silverlight 4

Microsoft Expression Design 4

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Expression Studio 4

Microsoft Expression Web 4

Microsoft Expression Web 4 Service Pack 2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Project MUI (English) 2010

Microsoft Office Project Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio 2010

Microsoft Office Visio MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Project 2010 Service Pack 1 (SP1)

Microsoft Project Professional 2010

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Visio 2010 Service Pack 1 (SP1)

Microsoft Visio Premium 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Xbox 360 Accessories 1.2

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

mIRC

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

NBA 2K12

NBA 2K13

Nexon Game Manager

Nitro Reader 3

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Oracle Database 11g Express Edition

Origin

Pando Media Booster

PC Probe II

PCSX2 - Playstation 2 Emulator

PDF Settings CS6

PeerBlock 1.1 (r518)

Pirates of the Burning Sea

Port Royale 3

PrimoPDF -- brought to you by Nitro PDF Software

PunkBuster Services

Ragnarok Online2

Realtek Ethernet Controller Driver For Windows 7

Renesas Electronics USB 3.0 Host Controller Driver

Saints Row. The Third 1.0

Secure Download Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Expression Design 4 (KB2667730)

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Sins of a Solar Empire Rebellion © Stardock version 1

Skype Click to Call

Skype™ 5.10

Spiral Knights

Star Wars: The Old Republic

Steam

Symantec Endpoint Protection

System Requirements Lab CYRI

TeamSpeak 3 Client

TeamViewer 8

The Lord of the Rings Online

Tom Clancy's Ghost Recon Future Soldier

Tom Clancys Ghost Recon Future Soldier version 1.02

Tribes Ascend

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Ventrilo Client for Windows x64

VLC media player 1.1.11

Warframe

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (64-bit)

World of Tanks v.0.6.3.11

WPF Toolkit February 2010 (Version 3.5.50211.1)

XChat 2 (remove only)

.

==== Event Viewer Messages From Past Week ========

.

6/11/2013 8:59:48 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

6/11/2013 8:59:48 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

6/11/2013 5:59:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032aed35). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061113-40716-01.

6/11/2013 5:51:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 5:50:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 5:50:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 5:50:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 5:50:27 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

6/11/2013 5:49:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/11/2013 5:49:27 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:49:17 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:49:17 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:49:17 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:51 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:45 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:48:11 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Secondary Logon service to connect.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IKE and AuthIP IPsec Keying Modules service to connect.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has not been started.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:21:58 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:21:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the System Event Notification Service service to connect.

6/11/2013 5:21:57 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:21:53 PM, Error: Service Control Manager [7001] - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 5:21:49 PM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 5:21:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 5:20:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.

6/11/2013 5:20:57 PM, Error: Service Control Manager [7001] - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 5:20:57 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 5:20:57 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 5:20:57 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:19:59 PM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has returned a service-specific error code.

6/11/2013 5:19:53 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:19:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.

6/11/2013 5:19:50 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:19:50 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/11/2013 5:19:49 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/11/2013 5:19:49 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/11/2013 5:19:49 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:19:47 PM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/11/2013 5:19:47 PM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

6/11/2013 5:01:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Networking Identity Manager service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 5:01:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Name Resolution Protocol service, but this action failed with the following error: An instance of the service is already running.

6/11/2013 4:56:52 PM, Error: Service Control Manager [7031] - The Peer Networking Identity Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

6/11/2013 4:56:52 PM, Error: Service Control Manager [7031] - The Peer Networking Grouping service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

6/11/2013 4:56:52 PM, Error: Service Control Manager [7031] - The Peer Name Resolution Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

.

==== End Of File ===========================

D-FRED-BROWN · June 12, 2013

Hello dnahunter and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

dnahunter · June 12, 2013

Thanks that fix it.21:30:36.0115 2160 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

21:30:36.0720 2160 ============================================================

21:30:36.0720 2160 Current date / time: 2013/06/11 21:30:36.0720

21:30:36.0720 2160 SystemInfo:

21:30:36.0720 2160

21:30:36.0720 2160 OS Version: 6.1.7601 ServicePack: 1.0

21:30:36.0720 2160 Product type: Workstation

21:30:36.0720 2160 ComputerName: THMARK-PC

21:30:36.0720 2160 UserName: THMark

21:30:36.0720 2160 Windows directory: C:\Windows

21:30:36.0720 2160 System windows directory: C:\Windows

21:30:36.0720 2160 Running under WOW64

21:30:36.0720 2160 Processor architecture: Intel x64

21:30:36.0720 2160 Number of processors: 6

21:30:36.0720 2160 Page size: 0x1000

21:30:36.0720 2160 Boot type: Normal boot

21:30:36.0720 2160 ============================================================

21:30:38.0960 2160 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:30:38.0970 2160 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:30:38.0985 2160 ============================================================

21:30:38.0985 2160 \Device\Harddisk0\DR0:

21:30:38.0985 2160 MBR partitions:

21:30:38.0985 2160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F110, BlocksNum 0x106D007E

21:30:38.0985 2160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x106FF800, BlocksNum 0x4B000000

21:30:38.0985 2160 \Device\Harddisk1\DR1:

21:30:38.0985 2160 MBR partitions:

21:30:38.0985 2160 ============================================================

21:30:39.0010 2160 C: <-> \Device\Harddisk0\DR0\Partition1

21:30:39.0050 2160 Z: <-> \Device\Harddisk0\DR0\Partition2

21:30:39.0050 2160 ============================================================

21:30:39.0050 2160 Initialize success

21:30:39.0050 2160 ============================================================

21:30:57.0787 5792 ============================================================

21:30:57.0787 5792 Scan started

21:30:57.0787 5792 Mode: Manual;

21:30:57.0787 5792 ============================================================

21:30:58.0217 5792 ================ Scan system memory ========================

21:30:58.0217 5792 System memory - ok

21:30:58.0217 5792 ================ Scan services =============================

21:30:58.0457 5792 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

21:30:58.0457 5792 1394ohci - ok

21:30:58.0532 5792 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

21:30:58.0542 5792 ACPI - ok

21:30:58.0562 5792 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

21:30:58.0562 5792 AcpiPmi - ok

21:30:58.0657 5792 [ E2769E2699AF88CA3C57289A8A32ED19 ] AcronisOSSReinstallSvc C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

21:30:58.0697 5792 AcronisOSSReinstallSvc - ok

21:30:58.0772 5792 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

21:30:58.0772 5792 AdobeARMservice - ok

21:30:58.0887 5792 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

21:30:58.0892 5792 AdobeFlashPlayerUpdateSvc - ok

21:30:58.0922 5792 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

21:30:58.0932 5792 adp94xx - ok

21:30:58.0962 5792 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

21:30:58.0967 5792 adpahci - ok

21:30:58.0987 5792 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

21:30:58.0987 5792 adpu320 - ok

21:30:59.0017 5792 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

21:30:59.0017 5792 AeLookupSvc - ok

21:30:59.0062 5792 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

21:30:59.0072 5792 AFD - ok

21:30:59.0102 5792 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

21:30:59.0102 5792 agp440 - ok

21:30:59.0127 5792 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

21:30:59.0127 5792 ALG - ok

21:30:59.0147 5792 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

21:30:59.0147 5792 aliide - ok

21:30:59.0227 5792 ALSysIO - ok

21:30:59.0332 5792 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

21:30:59.0337 5792 amdide - ok

21:30:59.0357 5792 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

21:30:59.0357 5792 AmdK8 - ok

21:30:59.0382 5792 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

21:30:59.0382 5792 AmdPPM - ok

21:30:59.0407 5792 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

21:30:59.0407 5792 amdsata - ok

21:30:59.0422 5792 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

21:30:59.0427 5792 amdsbs - ok

21:30:59.0457 5792 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

21:30:59.0457 5792 amdxata - ok

21:30:59.0477 5792 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

21:30:59.0477 5792 AppID - ok

21:30:59.0512 5792 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

21:30:59.0522 5792 AppIDSvc - ok

21:30:59.0557 5792 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

21:30:59.0562 5792 Appinfo - ok

21:30:59.0667 5792 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:30:59.0667 5792 Apple Mobile Device - ok

21:30:59.0707 5792 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

21:30:59.0712 5792 AppMgmt - ok

21:30:59.0737 5792 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

21:30:59.0737 5792 arc - ok

21:30:59.0752 5792 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

21:30:59.0757 5792 arcsas - ok

21:30:59.0862 5792 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

21:30:59.0862 5792 aspnet_state - ok

21:30:59.0887 5792 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

21:30:59.0887 5792 AsyncMac - ok

21:30:59.0897 5792 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

21:30:59.0897 5792 atapi - ok

21:30:59.0952 5792 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:30:59.0962 5792 AudioEndpointBuilder - ok

21:30:59.0982 5792 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

21:30:59.0992 5792 AudioSrv - ok

21:31:00.0032 5792 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

21:31:00.0037 5792 AxInstSV - ok

21:31:00.0057 5792 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

21:31:00.0062 5792 b06bdrv - ok

21:31:00.0082 5792 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

21:31:00.0087 5792 b57nd60a - ok

21:31:00.0102 5792 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

21:31:00.0107 5792 BDESVC - ok

21:31:00.0117 5792 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

21:31:00.0117 5792 Beep - ok

21:31:00.0152 5792 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

21:31:00.0167 5792 BFE - ok

21:31:00.0337 5792 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130521.011\BHDrvx64.sys

21:31:00.0352 5792 BHDrvx64 - ok

21:31:00.0402 5792 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

21:31:00.0412 5792 BITS - ok

21:31:00.0442 5792 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

21:31:00.0442 5792 blbdrive - ok

21:31:00.0507 5792 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

21:31:00.0512 5792 Bonjour Service - ok

21:31:00.0542 5792 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

21:31:00.0542 5792 bowser - ok

21:31:00.0567 5792 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

21:31:00.0567 5792 BrFiltLo - ok

21:31:00.0587 5792 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

21:31:00.0587 5792 BrFiltUp - ok

21:31:00.0627 5792 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

21:31:00.0627 5792 Browser - ok

21:31:00.0652 5792 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

21:31:00.0657 5792 Brserid - ok

21:31:00.0677 5792 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

21:31:00.0682 5792 BrSerWdm - ok

21:31:00.0737 5792 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

21:31:00.0737 5792 BrUsbMdm - ok

21:31:00.0757 5792 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

21:31:00.0757 5792 BrUsbSer - ok

21:31:00.0842 5792 [ A510D4E029B977E285FB0116EDE86DBF ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe

21:31:00.0887 5792 BstHdAndroidSvc - ok

21:31:00.0917 5792 [ 5E69B16FD15FD4FED0E5964FD6925141 ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys

21:31:00.0917 5792 BstHdDrv - ok

21:31:00.0947 5792 [ 9F9C8178E839C8B81B9EAE352E5C7E9F ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

21:31:00.0952 5792 BstHdLogRotatorSvc - ok

21:31:00.0972 5792 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

21:31:00.0972 5792 BTHMODEM - ok

21:31:01.0017 5792 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

21:31:01.0022 5792 bthserv - ok

21:31:01.0032 5792 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

21:31:01.0032 5792 cdfs - ok

21:31:01.0042 5792 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

21:31:01.0047 5792 cdrom - ok

21:31:01.0067 5792 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

21:31:01.0072 5792 CertPropSvc - ok

21:31:01.0092 5792 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

21:31:01.0092 5792 circlass - ok

21:31:01.0117 5792 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

21:31:01.0127 5792 CLFS - ok

21:31:01.0202 5792 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:31:01.0267 5792 clr_optimization_v2.0.50727_32 - ok

21:31:01.0307 5792 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:31:01.0337 5792 clr_optimization_v2.0.50727_64 - ok

21:31:01.0392 5792 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:31:01.0392 5792 clr_optimization_v4.0.30319_32 - ok

21:31:01.0432 5792 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:31:01.0432 5792 clr_optimization_v4.0.30319_64 - ok

21:31:01.0452 5792 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

21:31:01.0452 5792 CmBatt - ok

21:31:01.0467 5792 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

21:31:01.0472 5792 cmdide - ok

21:31:01.0517 5792 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

21:31:01.0527 5792 CNG - ok

21:31:01.0547 5792 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

21:31:01.0547 5792 Compbatt - ok

21:31:01.0567 5792 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

21:31:01.0567 5792 CompositeBus - ok

21:31:01.0577 5792 COMSysApp - ok

21:31:01.0597 5792 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

21:31:01.0597 5792 crcdisk - ok

21:31:01.0642 5792 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

21:31:01.0647 5792 CryptSvc - ok

21:31:01.0697 5792 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

21:31:01.0707 5792 CSC - ok

21:31:01.0737 5792 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

21:31:01.0747 5792 CscService - ok

21:31:01.0802 5792 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

21:31:01.0817 5792 DcomLaunch - ok

21:31:01.0862 5792 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

21:31:01.0867 5792 defragsvc - ok

21:31:01.0882 5792 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

21:31:01.0887 5792 DfsC - ok

21:31:01.0907 5792 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

21:31:01.0912 5792 Dhcp - ok

21:31:01.0927 5792 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

21:31:01.0927 5792 discache - ok

21:31:01.0947 5792 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

21:31:01.0952 5792 Disk - ok

21:31:01.0992 5792 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

21:31:01.0992 5792 dmvsc - ok

21:31:02.0022 5792 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

21:31:02.0022 5792 Dnscache - ok

21:31:02.0037 5792 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

21:31:02.0037 5792 dot3svc - ok

21:31:02.0047 5792 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

21:31:02.0047 5792 DPS - ok

21:31:02.0087 5792 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

21:31:02.0087 5792 drmkaud - ok

21:31:02.0147 5792 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

21:31:02.0152 5792 dtsoftbus01 - ok

21:31:02.0222 5792 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe

21:31:02.0227 5792 DvmMDES - ok

21:31:02.0282 5792 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

21:31:02.0297 5792 DXGKrnl - ok

21:31:02.0332 5792 EagleX64 - ok

21:31:02.0352 5792 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

21:31:02.0357 5792 EapHost - ok

21:31:02.0452 5792 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

21:31:02.0517 5792 ebdrv - ok

21:31:02.0592 5792 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

21:31:02.0597 5792 eeCtrl - ok

21:31:02.0627 5792 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

21:31:02.0632 5792 EFS - ok

21:31:02.0712 5792 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

21:31:02.0727 5792 ehRecvr - ok

21:31:02.0737 5792 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

21:31:02.0742 5792 ehSched - ok

21:31:02.0782 5792 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

21:31:02.0792 5792 elxstor - ok

21:31:02.0837 5792 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

21:31:02.0842 5792 EraserUtilRebootDrv - ok

21:31:02.0857 5792 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

21:31:02.0857 5792 ErrDev - ok

21:31:02.0897 5792 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

21:31:02.0907 5792 EventSystem - ok

21:31:02.0932 5792 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

21:31:02.0937 5792 exfat - ok

21:31:02.0957 5792 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:31:02.0962 5792 fastfat - ok

21:31:02.0992 5792 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

21:31:03.0007 5792 Fax - ok

21:31:03.0032 5792 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

21:31:03.0032 5792 fdc - ok

21:31:03.0047 5792 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

21:31:03.0052 5792 fdPHost - ok

21:31:03.0052 5792 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

21:31:03.0052 5792 FDResPub - ok

21:31:03.0062 5792 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

21:31:03.0067 5792 FileInfo - ok

21:31:03.0072 5792 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

21:31:03.0072 5792 Filetrace - ok

21:31:03.0087 5792 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

21:31:03.0087 5792 flpydisk - ok

21:31:03.0102 5792 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

21:31:03.0102 5792 FltMgr - ok

21:31:03.0167 5792 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

21:31:03.0187 5792 FontCache - ok

21:31:03.0247 5792 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:31:03.0257 5792 FontCache3.0.0.0 - ok

21:31:03.0277 5792 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

21:31:03.0277 5792 FsDepends - ok

21:31:03.0327 5792 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

21:31:03.0327 5792 Fs_Rec - ok

21:31:03.0377 5792 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

21:31:03.0382 5792 fvevol - ok

21:31:03.0402 5792 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

21:31:03.0407 5792 gagp30kx - ok

21:31:03.0462 5792 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:31:03.0462 5792 GEARAspiWDM - ok

21:31:03.0497 5792 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

21:31:03.0512 5792 gpsvc - ok

21:31:03.0612 5792 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:31:03.0612 5792 gupdate - ok

21:31:03.0632 5792 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:31:03.0637 5792 gupdatem - ok

21:31:03.0677 5792 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

21:31:03.0692 5792 gusvc - ok

21:31:03.0717 5792 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

21:31:03.0717 5792 hcw85cir - ok

21:31:03.0772 5792 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:31:03.0777 5792 HdAudAddService - ok

21:31:03.0802 5792 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

21:31:03.0807 5792 HDAudBus - ok

21:31:03.0822 5792 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

21:31:03.0822 5792 HidBatt - ok

21:31:03.0842 5792 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

21:31:03.0842 5792 HidBth - ok

21:31:03.0857 5792 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

21:31:03.0862 5792 HidIr - ok

21:31:03.0887 5792 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

21:31:03.0887 5792 hidserv - ok

21:31:03.0917 5792 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

21:31:03.0917 5792 HidUsb - ok

21:31:03.0927 5792 HiPatchService - ok

21:31:03.0972 5792 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

21:31:03.0972 5792 hkmsvc - ok

21:31:03.0992 5792 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:31:03.0997 5792 HomeGroupListener - ok

21:31:04.0032 5792 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:31:04.0037 5792 HomeGroupProvider - ok

21:31:04.0057 5792 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

21:31:04.0057 5792 HpSAMD - ok

21:31:04.0087 5792 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys

21:31:04.0087 5792 HTCAND64 - ok

21:31:04.0112 5792 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys

21:31:04.0117 5792 htcnprot - ok

21:31:04.0147 5792 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

21:31:04.0162 5792 HTTP - ok

21:31:04.0172 5792 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

21:31:04.0172 5792 hwpolicy - ok

21:31:04.0182 5792 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

21:31:04.0187 5792 i8042prt - ok

21:31:04.0202 5792 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

21:31:04.0202 5792 iaStorV - ok

21:31:04.0257 5792 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:31:04.0272 5792 idsvc - ok

21:31:04.0352 5792 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130611.001\IDSvia64.sys

21:31:04.0362 5792 IDSVia64 - ok

21:31:04.0377 5792 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

21:31:04.0377 5792 iirsp - ok

21:31:04.0412 5792 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

21:31:04.0427 5792 IKEEXT - ok

21:31:04.0447 5792 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

21:31:04.0447 5792 intelide - ok

21:31:04.0462 5792 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys

21:31:04.0462 5792 intelppm - ok

21:31:04.0482 5792 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

21:31:04.0487 5792 IPBusEnum - ok

21:31:04.0497 5792 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:31:04.0502 5792 IpFilterDriver - ok

21:31:04.0547 5792 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

21:31:04.0557 5792 iphlpsvc - ok

21:31:04.0577 5792 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

21:31:04.0582 5792 IPMIDRV - ok

21:31:04.0597 5792 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

21:31:04.0597 5792 IPNAT - ok

21:31:04.0637 5792 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

21:31:04.0642 5792 iPod Service - ok

21:31:04.0657 5792 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

21:31:04.0657 5792 IRENUM - ok

21:31:04.0672 5792 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

21:31:04.0672 5792 isapnp - ok

21:31:04.0687 5792 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

21:31:04.0692 5792 iScsiPrt - ok

21:31:04.0707 5792 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

21:31:04.0707 5792 kbdclass - ok

21:31:04.0722 5792 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

21:31:04.0722 5792 kbdhid - ok

21:31:04.0737 5792 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

21:31:04.0737 5792 KeyIso - ok

21:31:04.0762 5792 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

21:31:04.0767 5792 KSecDD - ok

21:31:04.0802 5792 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

21:31:04.0802 5792 KSecPkg - ok

21:31:04.0812 5792 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

21:31:04.0812 5792 ksthunk - ok

21:31:04.0832 5792 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

21:31:04.0837 5792 KtmRm - ok

21:31:04.0857 5792 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

21:31:04.0862 5792 LanmanServer - ok

21:31:04.0893 5792 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:31:04.0893 5792 LanmanWorkstation - ok

21:31:04.0918 5792 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

21:31:04.0918 5792 lltdio - ok

21:31:04.0953 5792 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

21:31:04.0958 5792 lltdsvc - ok

21:31:04.0968 5792 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

21:31:04.0968 5792 lmhosts - ok

21:31:04.0978 5792 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

21:31:04.0983 5792 LSI_FC - ok

21:31:04.0998 5792 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

21:31:04.0998 5792 LSI_SAS - ok

21:31:05.0013 5792 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

21:31:05.0013 5792 LSI_SAS2 - ok

21:31:05.0028 5792 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

21:31:05.0028 5792 LSI_SCSI - ok

21:31:05.0048 5792 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

21:31:05.0048 5792 luafv - ok

21:31:05.0103 5792 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

21:31:05.0103 5792 MBAMProtector - ok

21:31:05.0158 5792 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

21:31:05.0163 5792 MBAMScheduler - ok

21:31:05.0203 5792 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

21:31:05.0213 5792 MBAMService - ok

21:31:05.0248 5792 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

21:31:05.0268 5792 Mcx2Svc - ok

21:31:05.0273 5792 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

21:31:05.0278 5792 megasas - ok

21:31:05.0298 5792 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

21:31:05.0298 5792 MegaSR - ok

21:31:05.0348 5792 Microsoft SharePoint Workspace Audit Service - ok

21:31:05.0373 5792 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

21:31:05.0378 5792 MMCSS - ok

21:31:05.0393 5792 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

21:31:05.0393 5792 Modem - ok

21:31:05.0418 5792 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

21:31:05.0418 5792 monitor - ok

21:31:05.0433 5792 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

21:31:05.0438 5792 mouclass - ok

21:31:05.0458 5792 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

21:31:05.0458 5792 mouhid - ok

21:31:05.0468 5792 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

21:31:05.0468 5792 mountmgr - ok

21:31:05.0493 5792 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

21:31:05.0503 5792 MozillaMaintenance - ok

21:31:05.0513 5792 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

21:31:05.0518 5792 mpio - ok

21:31:05.0533 5792 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

21:31:05.0533 5792 mpsdrv - ok

21:31:05.0558 5792 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

21:31:05.0568 5792 MpsSvc - ok

21:31:05.0578 5792 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

21:31:05.0578 5792 MRxDAV - ok

21:31:05.0623 5792 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

21:31:05.0628 5792 mrxsmb - ok

21:31:05.0663 5792 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:31:05.0668 5792 mrxsmb10 - ok

21:31:05.0688 5792 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:31:05.0693 5792 mrxsmb20 - ok

21:31:05.0713 5792 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

21:31:05.0713 5792 msahci - ok

21:31:05.0733 5792 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

21:31:05.0733 5792 msdsm - ok

21:31:05.0753 5792 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

21:31:05.0758 5792 MSDTC - ok

21:31:05.0788 5792 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

21:31:05.0788 5792 Msfs - ok

21:31:05.0803 5792 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

21:31:05.0803 5792 mshidkmdf - ok

21:31:05.0833 5792 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

21:31:05.0833 5792 msisadrv - ok

21:31:05.0853 5792 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

21:31:05.0853 5792 MSiSCSI - ok

21:31:05.0858 5792 msiserver - ok

21:31:05.0878 5792 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

21:31:05.0878 5792 MSKSSRV - ok

21:31:05.0908 5792 [ 103B3BBE23AB774B009D182276EC6786 ] msloop C:\Windows\system32\DRIVERS\loop.sys

21:31:05.0908 5792 msloop - ok

21:31:05.0933 5792 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

21:31:05.0933 5792 MSPCLOCK - ok

21:31:05.0938 5792 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

21:31:05.0943 5792 MSPQM - ok

21:31:05.0958 5792 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

21:31:05.0963 5792 MsRPC - ok

21:31:05.0968 5792 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

21:31:05.0973 5792 mssmbios - ok

21:31:05.0978 5792 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

21:31:05.0983 5792 MSTEE - ok

21:31:05.0993 5792 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

21:31:05.0993 5792 MTConfig - ok

21:31:06.0033 5792 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

21:31:06.0033 5792 MTsensor - ok

21:31:06.0053 5792 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

21:31:06.0053 5792 Mup - ok

21:31:06.0093 5792 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

21:31:06.0098 5792 napagent - ok

21:31:06.0113 5792 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

21:31:06.0118 5792 NativeWifiP - ok

21:31:06.0213 5792 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130611.018\ENG64.SYS

21:31:06.0213 5792 NAVENG - ok

21:31:06.0278 5792 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130611.018\EX64.SYS

21:31:06.0308 5792 NAVEX15 - ok

21:31:06.0368 5792 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

21:31:06.0383 5792 NDIS - ok

21:31:06.0413 5792 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

21:31:06.0413 5792 NdisCap - ok

21:31:06.0438 5792 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

21:31:06.0438 5792 NdisTapi - ok

21:31:06.0458 5792 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

21:31:06.0458 5792 Ndisuio - ok

21:31:06.0483 5792 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

21:31:06.0513 5792 NdisWan - ok

21:31:06.0533 5792 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

21:31:06.0538 5792 NDProxy - ok

21:31:06.0548 5792 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

21:31:06.0553 5792 NetBIOS - ok

21:31:06.0573 5792 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

21:31:06.0578 5792 NetBT - ok

21:31:06.0593 5792 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

21:31:06.0593 5792 Netlogon - ok

21:31:06.0638 5792 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

21:31:06.0648 5792 Netman - ok

21:31:06.0678 5792 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:31:06.0683 5792 NetMsmqActivator - ok

21:31:06.0693 5792 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:31:06.0698 5792 NetPipeActivator - ok

21:31:06.0723 5792 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

21:31:06.0728 5792 netprofm - ok

21:31:06.0733 5792 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:31:06.0738 5792 NetTcpActivator - ok

21:31:06.0743 5792 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:31:06.0743 5792 NetTcpPortSharing - ok

21:31:06.0758 5792 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

21:31:06.0763 5792 nfrd960 - ok

21:31:06.0853 5792 [ DCD9287B04DE83CA22C8057C358243EA ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe

21:31:06.0858 5792 NitroReaderDriverReadSpool3 - ok

21:31:06.0878 5792 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

21:31:06.0878 5792 NlaSvc - ok

21:31:06.0888 5792 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

21:31:06.0888 5792 Npfs - ok

21:31:06.0903 5792 npggsvc - ok

21:31:06.0913 5792 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

21:31:06.0918 5792 nsi - ok

21:31:06.0928 5792 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:31:06.0928 5792 nsiproxy - ok

21:31:07.0003 5792 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:31:07.0033 5792 Ntfs - ok

21:31:07.0058 5792 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

21:31:07.0058 5792 Null - ok

21:31:07.0083 5792 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

21:31:07.0083 5792 nusb3hub - ok

21:31:07.0113 5792 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

21:31:07.0113 5792 nusb3xhc - ok

21:31:07.0153 5792 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

21:31:07.0158 5792 NVHDA - ok

21:31:07.0378 5792 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:31:07.0418 5792 nvlddmkm - ok

21:31:07.0438 5792 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

21:31:07.0438 5792 nvraid - ok

21:31:07.0448 5792 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

21:31:07.0448 5792 nvstor - ok

21:31:07.0478 5792 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe

21:31:07.0483 5792 nvsvc - ok

21:31:07.0543 5792 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

21:31:07.0558 5792 nvUpdatusService - ok

21:31:07.0578 5792 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

21:31:07.0583 5792 nv_agp - ok

21:31:07.0598 5792 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

21:31:07.0603 5792 ohci1394 - ok

21:31:07.0638 5792 OracleJobSchedulerXE - ok

21:31:07.0643 5792 OracleMTSRecoveryService - ok

21:31:07.0648 5792 OracleServiceXE - ok

21:31:07.0653 5792 OracleXEClrAgent - ok

21:31:07.0683 5792 [ 788D4CD078E3D55D92C4B986C739DA43 ] OracleXETNSListener C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe

21:31:07.0688 5792 OracleXETNSListener - ok

21:31:07.0733 5792 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:31:07.0733 5792 ose64 - ok

21:31:07.0858 5792 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:31:07.0883 5792 osppsvc - ok

21:31:07.0923 5792 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

21:31:07.0928 5792 p2pimsvc - ok

21:31:07.0968 5792 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

21:31:07.0978 5792 p2psvc - ok

21:31:07.0993 5792 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

21:31:07.0998 5792 Parport - ok

21:31:08.0018 5792 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

21:31:08.0018 5792 partmgr - ok

21:31:08.0053 5792 [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

21:31:08.0053 5792 PassThru Service - ok

21:31:08.0073 5792 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

21:31:08.0078 5792 PcaSvc - ok

21:31:08.0088 5792 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

21:31:08.0088 5792 pci - ok

21:31:08.0098 5792 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

21:31:08.0098 5792 pciide - ok

21:31:08.0118 5792 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

21:31:08.0118 5792 pcmcia - ok

21:31:08.0133 5792 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

21:31:08.0133 5792 pcw - ok

21:31:08.0143 5792 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

21:31:08.0153 5792 PEAUTH - ok

21:31:08.0213 5792 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

21:31:08.0238 5792 PeerDistSvc - ok

21:31:08.0328 5792 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

21:31:08.0328 5792 PerfHost - ok

21:31:08.0368 5792 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

21:31:08.0393 5792 pla - ok

21:31:08.0428 5792 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

21:31:08.0438 5792 PlugPlay - ok

21:31:08.0473 5792 PnkBstrA - ok

21:31:08.0488 5792 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

21:31:08.0493 5792 PNRPAutoReg - ok

21:31:08.0518 5792 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

21:31:08.0528 5792 PNRPsvc - ok

21:31:08.0573 5792 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

21:31:08.0583 5792 PolicyAgent - ok

21:31:08.0633 5792 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

21:31:08.0638 5792 Power - ok

21:31:08.0708 5792 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

21:31:08.0708 5792 PptpMiniport - ok

21:31:08.0723 5792 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

21:31:08.0728 5792 Processor - ok

21:31:08.0768 5792 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

21:31:08.0773 5792 ProfSvc - ok

21:31:08.0788 5792 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:31:08.0793 5792 ProtectedStorage - ok

21:31:08.0843 5792 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

21:31:08.0848 5792 Psched - ok

21:31:08.0903 5792 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

21:31:08.0928 5792 ql2300 - ok

21:31:08.0943 5792 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

21:31:08.0948 5792 ql40xx - ok

21:31:08.0963 5792 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

21:31:08.0968 5792 QWAVE - ok

21:31:08.0978 5792 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

21:31:08.0978 5792 QWAVEdrv - ok

21:31:08.0988 5792 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

21:31:08.0988 5792 RasAcd - ok

21:31:09.0003 5792 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

21:31:09.0003 5792 RasAgileVpn - ok

21:31:09.0013 5792 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

21:31:09.0018 5792 RasAuto - ok

21:31:09.0028 5792 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

21:31:09.0028 5792 Rasl2tp - ok

21:31:09.0043 5792 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

21:31:09.0048 5792 RasMan - ok

21:31:09.0063 5792 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

21:31:09.0063 5792 RasPppoe - ok

21:31:09.0073 5792 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

21:31:09.0073 5792 RasSstp - ok

21:31:09.0083 5792 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

21:31:09.0088 5792 rdbss - ok

21:31:09.0103 5792 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

21:31:09.0103 5792 rdpbus - ok

21:31:09.0108 5792 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

21:31:09.0108 5792 RDPCDD - ok

21:31:09.0153 5792 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

21:31:09.0158 5792 RDPDR - ok

21:31:09.0163 5792 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

21:31:09.0168 5792 RDPENCDD - ok

21:31:09.0183 5792 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

21:31:09.0183 5792 RDPREFMP - ok

21:31:09.0213 5792 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

21:31:09.0213 5792 RdpVideoMiniport - ok

21:31:09.0243 5792 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

21:31:09.0248 5792 RDPWD - ok

21:31:09.0308 5792 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

21:31:09.0313 5792 rdyboost - ok

21:31:09.0348 5792 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

21:31:09.0353 5792 RemoteAccess - ok

21:31:09.0393 5792 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

21:31:09.0398 5792 RemoteRegistry - ok

21:31:09.0418 5792 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

21:31:09.0418 5792 RpcEptMapper - ok

21:31:09.0438 5792 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

21:31:09.0438 5792 RpcLocator - ok

21:31:09.0463 5792 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

21:31:09.0473 5792 RpcSs - ok

21:31:09.0488 5792 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

21:31:09.0488 5792 rspndr - ok

21:31:09.0523 5792 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

21:31:09.0528 5792 RTL8167 - ok

21:31:09.0543 5792 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

21:31:09.0543 5792 s3cap - ok

21:31:09.0553 5792 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

21:31:09.0558 5792 SamSs - ok

21:31:09.0573 5792 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

21:31:09.0578 5792 sbp2port - ok

21:31:09.0598 5792 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

21:31:09.0598 5792 SCardSvr - ok

21:31:09.0613 5792 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

21:31:09.0613 5792 scfilter - ok

21:31:09.0638 5792 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

21:31:09.0653 5792 Schedule - ok

21:31:09.0683 5792 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

21:31:09.0688 5792 SCPolicySvc - ok

21:31:09.0698 5792 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

21:31:09.0703 5792 SDRSVC - ok

21:31:09.0718 5792 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

21:31:09.0718 5792 secdrv - ok

21:31:09.0733 5792 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

21:31:09.0733 5792 seclogon - ok

21:31:09.0743 5792 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

21:31:09.0743 5792 SENS - ok

21:31:09.0753 5792 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

21:31:09.0758 5792 SensrSvc - ok

21:31:09.0823 5792 [ 74885BDFF62E537F268EBF8E8CEC24BB ] SepMasterService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

21:31:09.0823 5792 SepMasterService - ok

21:31:09.0833 5792 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

21:31:09.0833 5792 Serenum - ok

21:31:09.0838 5792 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

21:31:09.0838 5792 Serial - ok

21:31:09.0853 5792 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

21:31:09.0853 5792 sermouse - ok

21:31:09.0888 5792 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

21:31:09.0888 5792 SessionEnv - ok

21:31:09.0903 5792 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

21:31:09.0903 5792 sffdisk - ok

21:31:09.0918 5792 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

21:31:09.0918 5792 sffp_mmc - ok

21:31:09.0928 5792 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

21:31:09.0928 5792 sffp_sd - ok

21:31:09.0943 5792 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

21:31:09.0943 5792 sfloppy - ok

21:31:09.0983 5792 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

21:31:09.0993 5792 SharedAccess - ok

21:31:10.0013 5792 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:31:10.0018 5792 ShellHWDetection - ok

21:31:10.0033 5792 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

21:31:10.0033 5792 SiSRaid2 - ok

21:31:10.0048 5792 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

21:31:10.0048 5792 SiSRaid4 - ok

21:31:10.0168 5792 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

21:31:10.0193 5792 Skype C2C Service - ok

21:31:10.0238 5792 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

21:31:10.0243 5792 SkypeUpdate - ok

21:31:10.0268 5792 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

21:31:10.0273 5792 Smb - ok

21:31:10.0393 5792 [ B8EF6F1FAFBE89E24E152907605E7A25 ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe

21:31:10.0403 5792 SmcService - ok

21:31:10.0428 5792 [ 89733DCC3817455FBC3AB4A3C19EE765 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe

21:31:10.0433 5792 SNAC - ok

21:31:10.0458 5792 [ B84440E7554FC85E900EEF0A7AABA228 ] snapman C:\Windows\system32\DRIVERS\snapman.sys

21:31:10.0458 5792 snapman - ok

21:31:10.0503 5792 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

21:31:10.0508 5792 SNMPTRAP - ok

21:31:10.0518 5792 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

21:31:10.0518 5792 spldr - ok

21:31:10.0563 5792 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

21:31:10.0573 5792 Spooler - ok

21:31:10.0668 5792 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

21:31:10.0738 5792 sppsvc - ok

21:31:10.0748 5792 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

21:31:10.0748 5792 sppuinotify - ok

21:31:10.0778 5792 [ 48FD53FED3C81726001E438A2201E9FF ] SRTSP C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS

21:31:10.0783 5792 SRTSP - ok

21:31:10.0803 5792 [ 63199A936D9BDEA578DFB8F5E9A40095 ] SRTSPX C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS

21:31:10.0803 5792 SRTSPX - ok

21:31:10.0823 5792 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

21:31:10.0828 5792 srv - ok

21:31:10.0848 5792 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

21:31:10.0853 5792 srv2 - ok

21:31:10.0868 5792 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

21:31:10.0868 5792 srvnet - ok

21:31:10.0893 5792 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

21:31:10.0898 5792 SSDPSRV - ok

21:31:10.0913 5792 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

21:31:10.0923 5792 SstpSvc - ok

21:31:10.0973 5792 Steam Client Service - ok

21:31:11.0038 5792 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

21:31:11.0043 5792 Stereo Service - ok

21:31:11.0078 5792 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

21:31:11.0078 5792 stexstor - ok

21:31:11.0113 5792 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

21:31:11.0123 5792 stisvc - ok

21:31:11.0153 5792 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

21:31:11.0158 5792 storflt - ok

21:31:11.0178 5792 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

21:31:11.0178 5792 StorSvc - ok

21:31:11.0188 5792 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

21:31:11.0188 5792 storvsc - ok

21:31:11.0203 5792 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

21:31:11.0203 5792 swenum - ok

21:31:11.0268 5792 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

21:31:11.0278 5792 SwitchBoard - ok

21:31:11.0313 5792 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

21:31:11.0328 5792 swprv - ok

21:31:11.0378 5792 [ F017987B177F7BBC989318D59309D091 ] SymDS C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS

21:31:11.0388 5792 SymDS - ok

21:31:11.0433 5792 [ E7F25D768EE0CDF69D8B752398C262BB ] SymEFA C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS

21:31:11.0453 5792 SymEFA - ok

21:31:11.0478 5792 [ 36B77F5C9E21F88A8C8EC67AD5415819 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

21:31:11.0478 5792 SymEvent - ok

21:31:11.0528 5792 [ 1611FA7A95A48387DF22757FA81B46A9 ] SymIRON C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS

21:31:11.0533 5792 SymIRON - ok

21:31:11.0558 5792 [ D41557715C1C792D1391DB5AA81A00DF ] SYMNETS C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS

21:31:11.0563 5792 SYMNETS - ok

21:31:11.0623 5792 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

21:31:11.0668 5792 SysMain - ok

21:31:11.0693 5792 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:31:11.0698 5792 TabletInputService - ok

21:31:11.0743 5792 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

21:31:11.0748 5792 TapiSrv - ok

21:31:11.0768 5792 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

21:31:11.0768 5792 TBS - ok

21:31:11.0838 5792 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

21:31:11.0898 5792 Tcpip - ok

21:31:11.0988 5792 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

21:31:12.0018 5792 TCPIP6 - ok

21:31:12.0058 5792 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

21:31:12.0058 5792 tcpipreg - ok

21:31:12.0083 5792 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

21:31:12.0083 5792 TDPIPE - ok

21:31:12.0113 5792 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

21:31:12.0118 5792 TDTCP - ok

21:31:12.0133 5792 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

21:31:12.0133 5792 tdx - ok

21:31:12.0293 5792 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

21:31:12.0318 5792 TeamViewer8 - ok

21:31:12.0353 5792 [ 7DD4F26F73EFE8E0817E18D1D1B9B18A ] Teefer2 C:\Windows\system32\DRIVERS\Teefer.sys

21:31:12.0358 5792 Teefer2 - ok

21:31:12.0373 5792 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

21:31:12.0373 5792 TermDD - ok

21:31:12.0403 5792 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

21:31:12.0408 5792 TermService - ok

21:31:12.0423 5792 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

21:31:12.0428 5792 Themes - ok

21:31:12.0458 5792 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

21:31:12.0458 5792 THREADORDER - ok

21:31:12.0473 5792 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

21:31:12.0478 5792 TrkWks - ok

21:31:12.0543 5792 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:31:12.0543 5792 TrustedInstaller - ok

21:31:12.0563 5792 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

21:31:12.0563 5792 tssecsrv - ok

21:31:12.0633 5792 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

21:31:12.0638 5792 TsUsbFlt - ok

21:31:12.0658 5792 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

21:31:12.0663 5792 TsUsbGD - ok

21:31:12.0688 5792 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

21:31:12.0693 5792 tunnel - ok

21:31:12.0708 5792 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

21:31:12.0708 5792 uagp35 - ok

21:31:12.0733 5792 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

21:31:12.0738 5792 udfs - ok

21:31:12.0778 5792 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

21:31:12.0783 5792 UI0Detect - ok

21:31:12.0803 5792 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

21:31:12.0808 5792 uliagpkx - ok

21:31:12.0823 5792 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

21:31:12.0823 5792 umbus - ok

21:31:12.0843 5792 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

21:31:12.0843 5792 UmPass - ok

21:31:12.0883 5792 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

21:31:12.0888 5792 UmRdpService - ok

21:31:12.0913 5792 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

21:31:12.0918 5792 upnphost - ok

21:31:12.0958 5792 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

21:31:12.0958 5792 USBAAPL64 - ok

21:31:13.0008 5792 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

21:31:13.0013 5792 usbaudio - ok

21:31:13.0033 5792 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

21:31:13.0038 5792 usbccgp - ok

21:31:13.0058 5792 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

21:31:13.0058 5792 usbcir - ok

21:31:13.0078 5792 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

21:31:13.0083 5792 usbehci - ok

21:31:13.0098 5792 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

21:31:13.0103 5792 usbhub - ok

21:31:13.0118 5792 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

21:31:13.0118 5792 usbohci - ok

21:31:13.0128 5792 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

21:31:13.0128 5792 usbprint - ok

21:31:13.0148 5792 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:31:13.0148 5792 USBSTOR - ok

21:31:13.0163 5792 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

21:31:13.0163 5792 usbuhci - ok

21:31:13.0178 5792 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

21:31:13.0178 5792 UxSms - ok

21:31:13.0183 5792 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

21:31:13.0183 5792 VaultSvc - ok

21:31:13.0193 5792 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

21:31:13.0193 5792 vdrvroot - ok

21:31:13.0208 5792 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

21:31:13.0213 5792 vds - ok

21:31:13.0223 5792 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

21:31:13.0223 5792 vga - ok

21:31:13.0233 5792 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

21:31:13.0238 5792 VgaSave - ok

21:31:13.0253 5792 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

21:31:13.0253 5792 vhdmp - ok

21:31:13.0268 5792 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

21:31:13.0268 5792 viaide - ok

21:31:13.0293 5792 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

21:31:13.0298 5792 vmbus - ok

21:31:13.0313 5792 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

21:31:13.0313 5792 VMBusHID - ok

21:31:13.0333 5792 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

21:31:13.0338 5792 volmgr - ok

21:31:13.0363 5792 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

21:31:13.0368 5792 volmgrx - ok

21:31:13.0393 5792 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

21:31:13.0398 5792 volsnap - ok

21:31:13.0423 5792 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

21:31:13.0428 5792 vsmraid - ok

21:31:13.0473 5792 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

21:31:13.0508 5792 VSS - ok

21:31:13.0523 5792 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

21:31:13.0523 5792 vwifibus - ok

21:31:13.0543 5792 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

21:31:13.0548 5792 W32Time - ok

21:31:13.0563 5792 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

21:31:13.0563 5792 WacomPen - ok

21:31:13.0628 5792 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

21:31:13.0633 5792 WANARP - ok

21:31:13.0658 5792 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

21:31:13.0658 5792 Wanarpv6 - ok

21:31:13.0713 5792 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

21:31:13.0733 5792 WatAdminSvc - ok

21:31:13.0808 5792 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

21:31:13.0858 5792 wbengine - ok

21:31:13.0873 5792 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

21:31:13.0878 5792 WbioSrvc - ok

21:31:13.0908 5792 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:31:13.0913 5792 wcncsvc - ok

21:31:13.0933 5792 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:31:13.0938 5792 WcsPlugInService - ok

21:31:13.0953 5792 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

21:31:13.0953 5792 Wd - ok

21:31:13.0998 5792 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:31:14.0008 5792 Wdf01000 - ok

21:31:14.0018 5792 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:31:14.0023 5792 WdiServiceHost - ok

21:31:14.0033 5792 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:31:14.0033 5792 WdiSystemHost - ok

21:31:14.0068 5792 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

21:31:14.0068 5792 WebClient - ok

21:31:14.0158 5792 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:31:14.0178 5792 Wecsvc - ok

21:31:14.0268 5792 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:31:14.0273 5792 wercplsupport - ok

21:31:14.0288 5792 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

21:31:14.0298 5792 WerSvc - ok

21:31:14.0313 5792 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

21:31:14.0313 5792 WfpLwf - ok

21:31:14.0333 5792 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

21:31:14.0333 5792 WIMMount - ok

21:31:14.0348 5792 WinDefend - ok

21:31:14.0373 5792 WinHttpAutoProxySvc - ok

21:31:14.0433 5792 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:31:14.0433 5792 Winmgmt - ok

21:31:14.0478 5792 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

21:31:14.0513 5792 WinRM - ok

21:31:14.0558 5792 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

21:31:14.0558 5792 WinUsb - ok

21:31:14.0613 5792 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

21:31:14.0633 5792 Wlansvc - ok

21:31:14.0738 5792 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:31:14.0773 5792 wlidsvc - ok

21:31:14.0793 5792 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

21:31:14.0798 5792 WmiAcpi - ok

21:31:14.0808 5792 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:31:14.0813 5792 wmiApSrv - ok

21:31:14.0818 5792 WMPNetworkSvc - ok

21:31:14.0833 5792 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:31:14.0838 5792 WPCSvc - ok

21:31:14.0853 5792 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:31:14.0858 5792 WPDBusEnum - ok

21:31:14.0868 5792 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:31:14.0868 5792 ws2ifsl - ok

21:31:14.0873 5792 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

21:31:14.0878 5792 wscsvc - ok

21:31:14.0883 5792 WSearch - ok

21:31:14.0968 5792 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

21:31:15.0023 5792 wuauserv - ok

21:31:15.0058 5792 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

21:31:15.0063 5792 WudfPf - ok

21:31:15.0078 5792 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:31:15.0083 5792 WUDFRd - ok

21:31:15.0098 5792 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:31:15.0098 5792 wudfsvc - ok

21:31:15.0133 5792 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

21:31:15.0133 5792 WwanSvc - ok

21:31:15.0188 5792 X6va011 - ok

21:31:15.0233 5792 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

21:31:15.0238 5792 xusb21 - ok

21:31:15.0263 5792 ================ Scan global ===============================

21:31:15.0298 5792 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

21:31:15.0338 5792 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

21:31:15.0353 5792 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

21:31:15.0408 5792 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

21:31:15.0453 5792 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

21:31:15.0458 5792 [Global] - ok

21:31:15.0458 5792 ================ Scan MBR ==================================

21:31:15.0468 5792 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0

21:31:15.0468 5792 Suspicious mbr (Forged): \Device\Harddisk0\DR0

21:31:15.0513 5792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected

21:31:15.0513 5792 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)

21:31:15.0518 5792 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

21:31:15.0733 5792 \Device\Harddisk1\DR1 - ok

21:31:15.0733 5792 ================ Scan VBR ==================================

21:31:15.0753 5792 [ 896CFF8FA85AF2A8898F077F182462D6 ] \Device\Harddisk0\DR0\Partition1

21:31:15.0753 5792 \Device\Harddisk0\DR0\Partition1 - ok

21:31:15.0768 5792 [ 2F730CCFBC94C50B9CA726695B90CF51 ] \Device\Harddisk0\DR0\Partition2

21:31:15.0773 5792 \Device\Harddisk0\DR0\Partition2 - ok

21:31:15.0773 5792 ============================================================

21:31:15.0773 5792 Scan finished

21:31:15.0773 5792 ============================================================

21:31:15.0833 6236 Detected object count: 1

21:31:15.0833 6236 Actual detected object count: 1

21:32:00.0984 6236 \Device\Harddisk0\DR0\# - copied to quarantine

21:32:00.0984 6236 \Device\Harddisk0\DR0 - copied to quarantine

21:32:01.0034 6236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot

21:32:01.0034 6236 \Device\Harddisk0\DR0 - ok

21:32:01.0044 6236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure

21:32:11.0930 4536 Deinitialize success

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.12.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

THMark :: THMARK-PC [administrator]

6/11/2013 9:42:21 PM

mbar-log-2013-06-11 (21-42-21).txt

Scan type: Quick scan

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 288152

Time elapsed: 22 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

dnahunter · June 12, 2013

ComboFix 13-06-08.02 - THMark 06/11/2013 22:35:19.1.6 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5790 [GMT -7:00]

Running from: c:\users\THMark\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\CFLog

C:\install.exe

c:\users\THMark\AppData\Local\assembly\tmp

c:\users\THMark\AppData\Local\Microsoft\Windows\Temporary Internet Files\{086787C8-800B-4D50-955A-4422894F9326}.xps

c:\users\THMark\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1E7FD0E1-B88B-419D-82F0-0C321F6E2BA6}.xps

c:\users\THMark\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C9B2F4EC-5B07-4A68-B8D3-940D0156BB46}.xps

c:\users\THMark\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F994083F-F676-4768-AF1E-11802281FFB5}.xps

c:\users\THMark\AppData\Roaming\Mozilla\Firefox\Profiles\0qllv7u0.default\searchplugins\bing-zugo.xml

c:\users\THMark\Documents\~WRL0070.tmp

c:\windows\security\Database\tmp.edb

.

((((((((((((((((((((((((( Files Created from 2013-05-12 to 2013-06-12 )))))))))))))))))))))))))))))))

.

2013-06-12 05:45 . 2013-06-12 05:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-12 05:45 . 2013-06-12 05:45 -------- d-----w- c:\users\hedev\AppData\Local\temp

2013-06-12 05:45 . 2013-06-12 05:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-12 04:47 . 2013-06-12 04:47 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE81F950-7FAF-4341-A8D7-685562AEAE08}\offreg.dll

2013-06-12 04:42 . 2013-06-12 05:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-12 04:32 . 2013-06-12 04:32 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-11 16:31 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE81F950-7FAF-4341-A8D7-685562AEAE08}\mpengine.dll

2013-06-10 03:43 . 2013-06-10 21:06 -------- d-----w- c:\users\THMark\AppData\Local\Warframe

2013-06-09 03:39 . 2013-06-09 03:39 -------- d-----w- c:\users\THMark\AppData\Local\FreeOCR

2013-06-09 03:35 . 2013-06-12 05:41 -------- d-----w- c:\users\THMark\AppData\Local\assembly

2013-06-09 03:34 . 2007-03-10 16:11 2680320 ----a-w- c:\windows\SysWow64\ImageEnXLibrary.ocx

2013-06-09 03:34 . 2013-06-09 15:26 -------- d-----w- C:\FreeOCR

2013-06-09 03:32 . 2013-06-09 03:32 -------- d-----w- c:\program files (x86)\Temp

2013-06-05 10:01 . 2013-06-05 10:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-05 01:20 . 2013-06-05 01:20 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll

2013-05-27 04:02 . 2013-05-27 04:02 -------- d-----w- c:\users\THMark\AppData\Roaming\SystemRequirementsLab

2013-05-20 21:00 . 2013-05-20 21:00 -------- d-----w- c:\users\THMark\AppData\Roaming\Nitro PDF

2013-05-17 18:21 . 2013-06-09 22:34 -------- d-----w- c:\programdata\boost_interprocess

2013-05-15 22:59 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 22:59 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 22:59 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 22:59 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 22:59 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 22:59 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 22:59 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 22:59 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 22:59 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 22:58 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 22:58 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 22:58 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-14 20:31 . 2013-05-14 20:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-05-14 20:31 . 2013-05-14 20:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-03 03:04 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-16 10:05 . 2011-07-27 18:49 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 19:07 . 2012-05-10 16:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 19:07 . 2011-07-24 20:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-02 09:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-24 07:26 . 2012-07-06 16:47 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-04-24 07:26 . 2012-06-10 18:50 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-04-24 06:55 . 2012-06-10 18:50 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-04-13 05:49 . 2013-05-15 22:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 22:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 22:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 22:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 22:59 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 22:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 14:50 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-07 16:02 . 2012-06-10 18:50 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-04-04 21:50 . 2011-07-24 20:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 06:04 . 2013-04-10 06:26 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 06:26 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 06:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 06:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 06:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 06:26 112640 ----a-w- c:\windows\system32\smss.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-18 911160]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-28 39408]

"Steam"="c:\program files (x86)\Steam 2\Steam.exe" [2013-06-06 1641896]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-08 3093624]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 ALSysIO;ALSysIO;c:\users\THMark\AppData\Local\Temp\ALSysIO64.sys;c:\users\THMark\AppData\Local\Temp\ALSysIO64.sys [x]

R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]

R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130521.011\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130521.011\BHDrvx64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130611.001\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130611.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [x]

S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [x]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;e:\arrrghhh!!\HiPatchService.exe;e:\arrrghhh!!\HiPatchService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]

S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]

S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [x]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]

S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 59322389

*Deregistered* - 59322389

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 19:07]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 21:50]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 21:50]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050476716-2494318647-2019036779-1000Core.job

- c:\users\THMark\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-12 14:42]

.

2013-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050476716-2494318647-2019036779-1000UA.job

- c:\users\THMark\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-12 14:42]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-01-24 477600]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all by FlashGet3 - c:\users\THMark\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\THMark\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\THMark\AppData\Roaming\Mozilla\Firefox\Profiles\0qllv7u0.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - google.com

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113933&tt=120812_bandext_3212_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - 1e666e7c00000000000002004c4f4f50

FF - user.js: extensions.BabylonToolbar.instlDay - 15564

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.615:48

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-FoodBuzzUpdate - c:\program files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe

Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll

SafeBoot-59322389.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-black-ops_folder - c:\program files (x86)\windows-7-themes.com\black-ops\uninstall.exe

AddRemove-FIFA 12 © EA_is1 - e:\fifa\game\FIFA 12\unins000.exe

AddRemove-Galactic Magnate_is1 - e:\new folder\Galactic Magnate\uninst\unins000.exe

AddRemove-Homefront_is1 - e:\hf\Homefront\Homefront\unins000.exe

AddRemove-MahjongWorldClient - c:\program files (x86)\MahjongWorldClient\uninstall.exe

AddRemove-Saints Row. The Third_is1 - e:\saints\Saints Row. The Third\uninstall\unins000.exe

AddRemove-{6D87CAD9-9B94-4421-A439-B25F8DE14575} - c:\program files (x86)\InstallShield Installation Information\{6D87CAD9-9B94-4421-A439-B25F8DE14575}\setup.exe

AddRemove-GameMaker81 - l:\game maker 8.1 lite\GameMaker 8.1\uninstall.exe

AddRemove-lotro_highres_en - e:\happycloud\Cache\The Lord of the Rings Online\hcuninstaller.exe

AddRemove-SOE-Pirates of the Burning Sea - e:\potbs\Uninstaller.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]

"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]

"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4050476716-2494318647-2019036779-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\e:\Battlefield 3\Bzmd\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]

"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"

"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"

"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"

.

[HKEY_USERS\S-1-5-21-4050476716-2494318647-2019036779-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\e:\Battlefield 3\Bzmd\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]

"qcncodecs4.dll"=multi:"2011-10-10T16:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"

"qkrcodecs4.dll"=multi:"2011-10-10T16:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"

"qtwcodecs4.dll"=multi:"2011-10-10T16:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"

.

[HKEY_USERS\S-1-5-21-4050476716-2494318647-2019036779-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\e:\battlefield 3\Bzmd\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]

"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"

"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T16:42\00\00"

"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"

"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"

"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"

.

[HKEY_USERS\S-1-5-21-4050476716-2494318647-2019036779-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\e:\battlefield 3\Bzmd\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]

"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"

"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"

"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"

"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"

"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-11 22:59:39

ComboFix-quarantined-files.txt 2013-06-12 05:59

.

Pre-Run: 35,085,447,168 bytes free

Post-Run: 38,239,043,584 bytes free

.

- - End Of File - - 6EDA89A74C0FAAF11B8E7AED47054769

A36C5E4F47E84449FF07ED3517B43A31 Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Symantec Endpoint Protection

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 39

Java version out of Date!

Adobe Flash Player 11.7.700.202

Adobe Reader 10.1.7 Adobe Reader out of Date!

Mozilla Firefox 20.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Thanks again.

D-FRED-BROWN · June 12, 2013

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
File::
C:\Windows\System32\Drivers\59322389.sys
Driver::
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

dnahunter · June 12, 2013

ComboFix 13-06-08.02 - THMark 06/12/2013 0:00.2.6 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5583 [GMT -7:00]

Running from: c:\users\THMark\Desktop\ComboFix.exe

Command switches used :: c:\users\THMark\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\System32\Drivers\59322389.sys"

.

((((((((((((((((((((((((( Files Created from 2013-05-12 to 2013-06-12 )))))))))))))))))))))))))))))))

.

2013-06-12 07:03 . 2013-06-12 07:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-12 07:03 . 2013-06-12 07:03 -------- d-----w- c:\users\hedev\AppData\Local\temp

2013-06-12 07:03 . 2013-06-12 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp