adware/chitka/redirects/multiple iexplore.exe processes

Rev_Katz · August 10, 2013

Greetings,

I've seen some similar problems on here, but it seems each case needs to be resolved individually, so I am requesting your help.

Seem to have gotten some virus/viruses with the following symptoms:

chitka ad pop-ups on lower right-hand side of screen that cannot be closed. More frequent however is adware that pops up on the lower left of screen that can be closed, but frequently contains semi-explicit images, which is super annoying because we often have our kids around the computer, and pornographic material is never viewed on this computer.

Frequent redirects when linking to a site. multiple iexplore.exe processes running. usually around 4 or 5 using between 100-300k memory. Symptoms occur in every browser (ie, chrome, firefox). Frequently the COM surrogate just slows the computer to a halt.

I'm running windows 7 home premium 64 bit.

I've run multiple times superantispyware and emisoft deep scans to no avail, they don't detect anything.

Your help would be sincerely appreciated!

Regards

D-FRED-BROWN · August 10, 2013

Hello Rev_Katz and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Rev_Katz · August 14, 2013

OK, so here's the logs sliced up into postable chunks:

14:59:45.0780 8708 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
14:59:46.0071 8708 ============================================================
14:59:46.0071 8708 Current date / time: 2013/08/14 14:59:46.0071
14:59:46.0071 8708 SystemInfo:
14:59:46.0071 8708
14:59:46.0071 8708 OS Version: 6.1.7601 ServicePack: 1.0
14:59:46.0071 8708 Product type: Workstation
14:59:46.0072 8708 ComputerName: WENDELOVI-PC
14:59:46.0072 8708 UserName: Cindy
14:59:46.0072 8708 Windows directory: C:\Windows
14:59:46.0072 8708 System windows directory: C:\Windows
14:59:46.0072 8708 Running under WOW64
14:59:46.0072 8708 Processor architecture: Intel x64
14:59:46.0072 8708 Number of processors: 4
14:59:46.0072 8708 Page size: 0x1000
14:59:46.0072 8708 Boot type: Normal boot
14:59:46.0072 8708 ============================================================
15:00:06.0661 8708 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:00:06.0695 8708 ============================================================
15:00:06.0695 8708 \Device\Harddisk0\DR0:
15:00:06.0695 8708 MBR partitions:
15:00:06.0695 8708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5594775F
15:00:06.0695 8708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x5594779E, BlocksNum 0x1BFDB63
15:00:06.0695 8708 ============================================================
15:00:06.0724 8708 C: <-> \Device\Harddisk0\DR0\Partition1
15:00:06.0762 8708 D: <-> \Device\Harddisk0\DR0\Partition2
15:00:06.0763 8708 ============================================================
15:00:06.0763 8708 Initialize success
15:00:06.0763 8708 ============================================================
15:00:19.0017 12392 ============================================================
15:00:19.0017 12392 Scan started
15:00:19.0017 12392 Mode: Manual;
15:00:19.0017 12392 ============================================================
15:00:19.0518 12392 ================ Scan system memory ========================
15:00:19.0518 12392 System memory - ok
15:00:19.0518 12392 ================ Scan services =============================
15:00:19.0675 12392 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:00:19.0677 12392 !SASCORE - ok
15:00:19.0851 12392 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:00:19.0854 12392 1394ohci - ok
15:00:19.0881 12392 [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
15:00:19.0882 12392 61883 - ok
15:00:19.0953 12392 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc           C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
15:00:19.0954 12392 a2acc - ok
15:00:20.0012 12392 [ 4B9C5EEBEE862574CF794582104F0C91 ] a2AntiMalware   C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
15:00:20.0030 12392 a2AntiMalware - ok
15:00:20.0045 12392 [ D27A8B7BB0E15DFBFC6B4E774EE17AD9 ] A2DDA           C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
15:00:20.0045 12392 A2DDA - ok
15:00:20.0056 12392 [ 3D55CE53128C81E06CD6B024C3B9FAC3 ] a2injectiondriver C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
15:00:20.0056 12392 a2injectiondriver - ok
15:00:20.0070 12392 [ 0932B29AA1B9372FFE6D3AF8BA2ABA3A ] a2util          C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
15:00:20.0071 12392 a2util - ok
15:00:20.0089 12392 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:00:20.0093 12392 ACPI - ok
15:00:20.0108 12392 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:00:20.0108 12392 AcpiPmi - ok
15:00:20.0212 12392 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
15:00:20.0213 12392 AdobeActiveFileMonitor5.0 - ok
15:00:20.0339 12392 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:00:20.0341 12392 AdobeFlashPlayerUpdateSvc - ok
15:00:20.0401 12392 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:00:20.0406 12392 adp94xx - ok
15:00:20.0431 12392 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:00:20.0435 12392 adpahci - ok
15:00:20.0449 12392 [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:00:20.0452 12392 adpu320 - ok
15:00:20.0496 12392 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:00:20.0498 12392 AeLookupSvc - ok
15:00:20.0567 12392 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:00:20.0572 12392 AFD - ok
15:00:20.0586 12392 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:00:20.0644 12392 agp440 - ok
15:00:20.0771 12392 [ BBE9054FDADC8D49D29C5DA4FB84A803 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll
15:00:20.0771 12392 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803
15:00:20.0779 12392 Akamai ( HiddenFile.Multi.Generic ) - warning
15:00:20.0780 12392 Akamai - detected HiddenFile.Multi.Generic (1)
15:00:20.0802 12392 [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:00:20.0803 12392 ALG - ok
15:00:20.0817 12392 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:00:20.0818 12392 aliide - ok
15:00:20.0874 12392 [ 998021E7C3DE3E97E441ABACE498FFB6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:00:20.0875 12392 AMD External Events Utility - ok
15:00:20.0892 12392 [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:00:20.0893 12392 amdide - ok
15:00:20.0911 12392 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:00:20.0914 12392 AmdK8 - ok
15:00:21.0094 12392 [ 250D5B746FFF9B7D88591EE60B63B3E4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:00:21.0241 12392 amdkmdag - ok
15:00:21.0269 12392 [ 781DAEC0C3E63950CCA53D193582F2E8 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:00:21.0272 12392 amdkmdap - ok
15:00:21.0289 12392 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:00:21.0291 12392 AmdPPM - ok
15:00:21.0305 12392 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:00:21.0307 12392 amdsata - ok
15:00:21.0325 12392 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:00:21.0328 12392 amdsbs - ok
15:00:21.0346 12392 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:00:21.0347 12392 amdxata - ok
15:00:21.0389 12392 [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:00:21.0391 12392 AppID - ok
15:00:21.0403 12392 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:00:21.0404 12392 AppIDSvc - ok
15:00:21.0457 12392 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
15:00:21.0458 12392 Appinfo - ok
15:00:21.0512 12392 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:00:21.0514 12392 Apple Mobile Device - ok
15:00:21.0532 12392 [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:00:21.0534 12392 arc - ok
15:00:21.0547 12392 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:00:21.0549 12392 arcsas - ok
15:00:21.0577 12392 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:21.0578 12392 AsyncMac - ok
15:00:21.0596 12392 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:00:21.0597 12392 atapi - ok
15:00:21.0653 12392 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:00:21.0687 12392 athr - ok
15:00:21.0719 12392 [ 04A5815DF7E8B037DF674D3CCACC0C31 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
15:00:21.0721 12392 AtiHdmiService - ok
15:00:21.0876 12392 [ 250D5B746FFF9B7D88591EE60B63B3E4 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:00:21.0926 12392 atikmdag - ok
15:00:21.0986 12392 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:21.0994 12392 AudioEndpointBuilder - ok
15:00:22.0004 12392 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:00:22.0009 12392 AudioSrv - ok
15:00:22.0044 12392 [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
15:00:22.0045 12392 Avc - ok
15:00:22.0107 12392 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:00:22.0109 12392 AxInstSV - ok
15:00:22.0136 12392 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:00:22.0142 12392 b06bdrv - ok
15:00:22.0174 12392 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:00:22.0177 12392 b57nd60a - ok
15:00:22.0266 12392 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:00:22.0268 12392 BBSvc - ok
15:00:22.0315 12392 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:00:22.0317 12392 BDESVC - ok
15:00:22.0325 12392 [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:00:22.0326 12392 Beep - ok
15:00:22.0402 12392 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:00:22.0410 12392 BFE - ok
15:00:22.0643 12392 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20120919.001\BHDrvx64.sys
15:00:22.0669 12392 BHDrvx64 - ok
15:00:22.0698 12392 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:00:22.0708 12392 BITS - ok
15:00:22.0722 12392 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:22.0723 12392 blbdrive - ok
15:00:22.0759 12392 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:00:22.0762 12392 Bonjour Service - ok
15:00:22.0808 12392 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:00:22.0810 12392 bowser - ok
15:00:22.0838 12392 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:22.0838 12392 BrFiltLo - ok
15:00:22.0854 12392 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:22.0854 12392 BrFiltUp - ok
15:00:22.0879 12392 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:00:22.0881 12392 Browser - ok
15:00:22.0899 12392 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:00:22.0902 12392 Brserid - ok
15:00:22.0925 12392 [ 34F6C504B150F99DAE69D7073D2A4DF4 ] BrSerIf         C:\Windows\system32\DRIVERS\BrSerIf.sys
15:00:22.0927 12392 BrSerIf - ok
15:00:22.0943 12392 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:22.0944 12392 BrSerWdm - ok
15:00:22.0971 12392 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:22.0972 12392 BrUsbMdm - ok
15:00:23.0003 12392 [ 601CB966FFFEBC6806626DC8E7AA0EF2 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
15:00:23.0005 12392 BrUsbSer - ok
15:00:23.0022 12392 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:23.0024 12392 BTHMODEM - ok
15:00:23.0063 12392 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:00:23.0065 12392 bthserv - ok
15:00:23.0092 12392 btttxhzs - ok
15:00:23.0182 12392 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
15:00:23.0185 12392 ccSet_NIS - ok
15:00:23.0201 12392 [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:00:23.0203 12392 cdfs - ok
15:00:23.0261 12392 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:00:23.0263 12392 cdrom - ok
15:00:23.0304 12392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:00:23.0305 12392 CertPropSvc - ok
15:00:23.0319 12392 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:00:23.0320 12392 circlass - ok
15:00:23.0367 12392 [ 3C6A8D415FF38AFEB03A6206213D9D96 ] cleanhlp        C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys
15:00:23.0367 12392 cleanhlp - ok
15:00:23.0416 12392 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:00:23.0421 12392 CLFS - ok
15:00:23.0516 12392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:23.0517 12392 clr_optimization_v2.0.50727_32 - ok
15:00:23.0614 12392 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:00:23.0616 12392 clr_optimization_v2.0.50727_64 - ok
15:00:23.0699 12392 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:23.0701 12392 clr_optimization_v4.0.30319_32 - ok
15:00:23.0732 12392 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:00:23.0734 12392 clr_optimization_v4.0.30319_64 - ok
15:00:23.0753 12392 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:23.0754 12392 CmBatt - ok
15:00:23.0792 12392 [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:00:23.0793 12392 cmdide - ok
15:00:23.0842 12392 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:00:23.0846 12392 CNG - ok
15:00:23.0914 12392 [ 040FF3B09F26926A3792E047DB0F47DD ] cnnctfy2        C:\Windows\system32\DRIVERS\cnnctfy2.sys
15:00:23.0914 12392 cnnctfy2 - ok
15:00:23.0957 12392 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:00:23.0958 12392 Compbatt - ok
15:00:23.0999 12392 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:00:24.0000 12392 CompositeBus - ok
15:00:24.0005 12392 COMSysApp - ok
15:00:24.0056 12392 [ 27A6C0D6DF4734852A9065624F3580D4 ] Connectify      C:\Program Files (x86)\Connectify\ConnectifyService.exe
15:00:24.0058 12392 Connectify - ok
15:00:24.0072 12392 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:24.0073 12392 crcdisk - ok
15:00:24.0124 12392 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:00:24.0127 12392 CryptSvc - ok
15:00:24.0176 12392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:00:24.0184 12392 DcomLaunch - ok
15:00:24.0231 12392 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:00:24.0234 12392 defragsvc - ok
15:00:24.0277 12392 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:00:24.0279 12392 DfsC - ok
15:00:24.0304 12392 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:00:24.0308 12392 Dhcp - ok
15:00:24.0314 12392 dirlobdi - ok
15:00:24.0328 12392 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:00:24.0329 12392 discache - ok
15:00:24.0343 12392 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:00:24.0344 12392 Disk - ok
15:00:24.0391 12392 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:00:24.0394 12392 Dnscache - ok
15:00:24.0438 12392 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:00:24.0441 12392 dot3svc - ok
15:00:24.0483 12392 [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
15:00:24.0485 12392 Dot4 - ok
15:00:24.0514 12392 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
15:00:24.0516 12392 Dot4Print - ok
15:00:24.0538 12392 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
15:00:24.0539 12392 dot4usb - ok
15:00:24.0582 12392 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:00:24.0585 12392 DPS - ok
15:00:24.0646 12392 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:00:24.0647 12392 drmkaud - ok
15:00:24.0705 12392 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:00:24.0716 12392 DXGKrnl - ok
15:00:24.0734 12392 EagleX64 - ok
15:00:24.0787 12392 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:00:24.0790 12392 EapHost - ok
15:00:24.0866 12392 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:00:24.0925 12392 ebdrv - ok
15:00:24.0989 12392 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:00:24.0994 12392 eeCtrl - ok
15:00:25.0043 12392 [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:00:25.0044 12392 EFS - ok
15:00:25.0141 12392 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:00:25.0149 12392 ehRecvr - ok
15:00:25.0189 12392 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:00:25.0191 12392 ehSched - ok
15:00:25.0224 12392 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:00:25.0230 12392 elxstor - ok
15:00:25.0264 12392 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:00:25.0266 12392 EraserUtilRebootDrv - ok
15:00:25.0308 12392 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:00:25.0309 12392 ErrDev - ok
15:00:25.0336 12392 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:00:25.0340 12392 EventSystem - ok
15:00:25.0360 12392 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:00:25.0363 12392 exfat - ok
15:00:25.0382 12392 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:00:25.0385 12392 fastfat - ok
15:00:25.0414 12392 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:00:25.0422 12392 Fax - ok
15:00:25.0445 12392 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:00:25.0446 12392 fdc - ok
15:00:25.0456 12392 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:00:25.0457 12392 fdPHost - ok
15:00:25.0475 12392 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:00:25.0477 12392 FDResPub - ok
15:00:25.0501 12392 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:00:25.0502 12392 FileInfo - ok
15:00:25.0512 12392 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:00:25.0513 12392 Filetrace - ok
15:00:25.0526 12392 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:25.0527 12392 flpydisk - ok
15:00:25.0545 12392 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:00:25.0549 12392 FltMgr - ok
15:00:25.0611 12392 [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:00:25.0638 12392 FontCache - ok
15:00:25.0723 12392 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:00:25.0724 12392 FontCache3.0.0.0 - ok
15:00:25.0743 12392 [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:00:25.0744 12392 FsDepends - ok
15:00:25.0794 12392 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:00:25.0795 12392 Fs_Rec - ok
15:00:25.0857 12392 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:00:25.0860 12392 fvevol - ok
15:00:25.0881 12392 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:25.0883 12392 gagp30kx - ok
15:00:25.0938 12392 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:00:25.0939 12392 GEARAspiWDM - ok
15:00:25.0994 12392 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:00:26.0003 12392 gpsvc - ok
15:00:26.0088 12392 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:26.0090 12392 gupdate - ok
15:00:26.0108 12392 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:26.0110 12392 gupdatem - ok
15:00:26.0150 12392 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:00:26.0151 12392 gusvc - ok
15:00:26.0172 12392 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:00:26.0173 12392 hcw85cir - ok
15:00:26.0214 12392 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:00:26.0218 12392 HdAudAddService - ok
15:00:26.0268 12392 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:00:26.0270 12392 HDAudBus - ok
15:00:26.0295 12392 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:26.0297 12392 HidBatt - ok
15:00:26.0318 12392 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:00:26.0320 12392 HidBth - ok
15:00:26.0337 12392 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:00:26.0339 12392 HidIr - ok
15:00:26.0384 12392 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:00:26.0386 12392 hidserv - ok
15:00:26.0447 12392 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:00:26.0449 12392 HidUsb - ok
15:00:26.0498 12392 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:00:26.0501 12392 hkmsvc - ok
15:00:26.0552 12392 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:00:26.0556 12392 HomeGroupListener - ok
15:00:26.0570 12392 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:00:26.0573 12392 HomeGroupProvider - ok
15:00:26.0643 12392 [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:00:26.0644 12392 HP Health Check Service - ok
15:00:26.0683 12392 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv        C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
15:00:26.0684 12392 HPBtnSrv - ok
15:00:26.0781 12392 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:00:26.0784 12392 hpqcxs08 - ok
15:00:26.0811 12392 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
15:00:26.0813 12392 hpqddsvc - ok
15:00:26.0832 12392 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:00:26.0834 12392 HpSAMD - ok
15:00:26.0889 12392 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:00:26.0897 12392 HTTP - ok
15:00:26.0938 12392 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:00:26.0939 12392 hwpolicy - ok
15:00:26.0956 12392 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:00:26.0958 12392 i8042prt - ok
15:00:26.0987 12392 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:00:26.0992 12392 iaStorV - ok
15:00:27.0039 12392 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:00:27.0048 12392 idsvc - ok
15:00:27.0135 12392 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120919.001\IDSvia64.sys
15:00:27.0141 12392 IDSVia64 - ok
15:00:27.0191 12392 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:00:27.0192 12392 iirsp - ok
15:00:27.0223 12392 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:00:27.0232 12392 IKEEXT - ok
15:00:27.0294 12392 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:00:27.0339 12392 IntcAzAudAddService - ok
15:00:27.0356 12392 [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:00:27.0357 12392 intelide - ok
15:00:27.0383 12392 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:00:27.0385 12392 intelppm - ok
15:00:27.0431 12392 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:00:27.0433 12392 IPBusEnum - ok
15:00:27.0477 12392 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:27.0479 12392 IpFilterDriver - ok
15:00:27.0552 12392 [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
15:00:27.0559 12392 IpHlpSvc - ok
15:00:27.0579 12392 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:00:27.0581 12392 IPMIDRV - ok
15:00:27.0598 12392 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:00:27.0600 12392 IPNAT - ok
15:00:27.0638 12392 [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:00:27.0645 12392 iPod Service - ok
15:00:27.0663 12392 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:00:27.0664 12392 IRENUM - ok
15:00:27.0685 12392 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:00:27.0685 12392 isapnp - ok
15:00:27.0705 12392 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:00:27.0708 12392 iScsiPrt - ok
15:00:27.0726 12392 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:27.0728 12392 kbdclass - ok
15:00:27.0741 12392 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:00:27.0742 12392 kbdhid - ok
15:00:27.0749 12392 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:00:27.0751 12392 KeyIso - ok
15:00:27.0773 12392 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:00:27.0774 12392 KSecDD - ok
15:00:27.0819 12392 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:00:27.0821 12392 KSecPkg - ok
15:00:27.0834 12392 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:00:27.0835 12392 ksthunk - ok
15:00:27.0877 12392 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:00:27.0883 12392 KtmRm - ok
15:00:27.0948 12392 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:00:27.0953 12392 LanmanServer - ok
15:00:27.0997 12392 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:00:28.0002 12392 LanmanWorkstation - ok
15:00:28.0082 12392 [ 549B88970B3CFD211A354A016EDF766E ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
15:00:28.0091 12392 LeapFrog Connect Device Service - ok
15:00:28.0158 12392 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:00:28.0159 12392 LightScribeService - ok
15:00:28.0183 12392 [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:00:28.0185 12392 lltdio - ok
15:00:28.0235 12392 [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:00:28.0239 12392 lltdsvc - ok
15:00:28.0261 12392 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:00:28.0263 12392 lmhosts - ok
15:00:28.0296 12392 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:00:28.0298 12392 LSI_FC - ok
15:00:28.0317 12392 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:00:28.0319 12392 LSI_SAS - ok
15:00:28.0330 12392 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:00:28.0332 12392 LSI_SAS2 - ok
15:00:28.0350 12392 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:00:28.0352 12392 LSI_SCSI - ok
15:00:28.0372 12392 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:00:28.0374 12392 luafv - ok
15:00:28.0395 12392 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
15:00:28.0398 12392 MarvinBus - ok
15:00:28.0449 12392 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:00:28.0452 12392 Mcx2Svc - ok
15:00:28.0476 12392 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:00:28.0477 12392 megasas - ok
15:00:28.0498 12392 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:00:28.0501 12392 MegaSR - ok
15:00:28.0541 12392 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:00:28.0543 12392 MMCSS - ok
15:00:28.0563 12392 [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:00:28.0564 12392 Modem - ok
15:00:28.0598 12392 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:00:28.0599 12392 monitor - ok
15:00:28.0649 12392 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:00:28.0650 12392 mouclass - ok
15:00:28.0664 12392 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:00:28.0665 12392 mouhid - ok
15:00:28.0710 12392 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:00:28.0711 12392 mountmgr - ok
15:00:28.0780 12392 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:00:28.0781 12392 MozillaMaintenance - ok
15:00:28.0837 12392 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:00:28.0840 12392 MpFilter - ok
15:00:28.0859 12392 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:00:28.0861 12392 mpio - ok
15:00:28.0888 12392 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:00:28.0890 12392 mpsdrv - ok
15:00:28.0947 12392 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:00:28.0957 12392 MpsSvc - ok
15:00:29.0008 12392 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:00:29.0010 12392 MRxDAV - ok
15:00:29.0057 12392 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:29.0059 12392 mrxsmb - ok
15:00:29.0105 12392 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:29.0108 12392 mrxsmb10 - ok
15:00:29.0121 12392 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:29.0123 12392 mrxsmb20 - ok
15:00:29.0144 12392 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:00:29.0145 12392 msahci - ok
15:00:29.0193 12392 [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:00:29.0195 12392 msdsm - ok
15:00:29.0217 12392 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:00:29.0220 12392 MSDTC - ok
15:00:29.0264 12392 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
15:00:29.0266 12392 MSDV - ok
15:00:29.0289 12392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:00:29.0289 12392 Msfs - ok
15:00:29.0300 12392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:00:29.0301 12392 mshidkmdf - ok
15:00:29.0311 12392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:00:29.0311 12392 msisadrv - ok
15:00:29.0366 12392 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:00:29.0368 12392 MSiSCSI - ok
15:00:29.0377 12392 msiserver - ok
15:00:29.0409 12392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:00:29.0409 12392 MSKSSRV - ok
15:00:29.0495 12392 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:00:29.0495 12392 MsMpSvc - ok
15:00:29.0522 12392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:29.0523 12392 MSPCLOCK - ok
15:00:29.0544 12392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:00:29.0545 12392 MSPQM - ok
15:00:29.0564 12392 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:00:29.0568 12392 MsRPC - ok
15:00:29.0588 12392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:00:29.0589 12392 mssmbios - ok
15:00:29.0607 12392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:00:29.0608 12392 MSTEE - ok
15:00:29.0621 12392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:00:29.0622 12392 MTConfig - ok
15:00:29.0639 12392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:00:29.0640 12392 Mup - ok
15:00:29.0692 12392 [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:00:29.0696 12392 napagent - ok
15:00:29.0733 12392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:00:29.0737 12392 NativeWifiP - ok
15:00:29.0848 12392 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\VirusDefs\20120920.002\ENG64.SYS
15:00:29.0850 12392 NAVENG - ok
15:00:29.0904 12392 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\VirusDefs\20120920.002\EX64.SYS
15:00:29.0947 12392 NAVEX15 - ok
15:00:29.0997 12392 [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:00:30.0008 12392 NDIS - ok
15:00:30.0023 12392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:30.0025 12392 NdisCap - ok
15:00:30.0061 12392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:30.0062 12392 NdisTapi - ok
15:00:30.0109 12392 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:30.0110 12392 Ndisuio - ok
15:00:30.0159 12392 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:30.0161 12392 NdisWan - ok
15:00:30.0207 12392 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:00:30.0209 12392 NDProxy - ok
15:00:30.0262 12392 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:00:30.0264 12392 Net Driver HPZ12 - ok
15:00:30.0276 12392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:00:30.0278 12392 NetBIOS - ok
15:00:30.0303 12392 [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:00:30.0306 12392 NetBT - ok
15:00:30.0320 12392 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:00:30.0322 12392 Netlogon - ok
15:00:30.0380 12392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:00:30.0385 12392 Netman - ok
15:00:30.0403 12392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:00:30.0408 12392 netprofm - ok
15:00:30.0460 12392 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:30.0461 12392 NetTcpPortSharing - ok
15:00:30.0496 12392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:00:30.0498 12392 nfrd960 - ok
15:00:30.0640 12392 [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
15:00:30.0642 12392 NIS - ok
15:00:30.0692 12392 [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:00:30.0694 12392 NisDrv - ok
15:00:30.0733 12392 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
15:00:30.0736 12392 NisSrv - ok
15:00:30.0795 12392 [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:00:30.0800 12392 NlaSvc - ok
15:00:30.0820 12392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:00:30.0821 12392 Npfs - ok
15:00:30.0852 12392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:00:30.0854 12392 nsi - ok
15:00:30.0887 12392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:00:30.0888 12392 nsiproxy - ok
15:00:30.0967 12392 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:00:31.0002 12392 Ntfs - ok
15:00:31.0015 12392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:00:31.0016 12392 Null - ok
15:00:31.0042 12392 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:00:31.0044 12392 nvraid - ok
15:00:31.0106 12392 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:00:31.0108 12392 nvstor - ok
15:00:31.0134 12392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:00:31.0136 12392 nv_agp - ok
15:00:31.0256 12392 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:00:31.0260 12392 odserv - ok
15:00:31.0327 12392 [ E52479B03A57DC3D4BABD9C5536C94D6 ] OEM05Afx        C:\Windows\system32\Drivers\OEM05Afx.sys
15:00:31.0330 12392 OEM05Afx - ok
15:00:31.0364 12392 [ 766F689564BC30E5A91F8621CE65AD68 ] OEM05Vfx        C:\Windows\system32\DRIVERS\OEM05Vfx.sys
15:00:31.0365 12392 OEM05Vfx - ok
15:00:31.0390 12392 [ 859F850A4FD021A66493D18CBA847792 ] OEM05Vid        C:\Windows\system32\DRIVERS\OEM05Vid.sys
15:00:31.0393 12392 OEM05Vid - ok
15:00:31.0440 12392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:00:31.0442 12392 ohci1394 - ok
15:00:31.0468 12392 [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:00:31.0470 12392 ose - ok
15:00:31.0501 12392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:00:31.0505 12392 p2pimsvc - ok
15:00:31.0528 12392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:00:31.0533 12392 p2psvc - ok
15:00:31.0558 12392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:00:31.0560 12392 Parport - ok
15:00:31.0608 12392 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:00:31.0610 12392 partmgr - ok
15:00:31.0632 12392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:00:31.0635 12392 PcaSvc - ok
15:00:31.0653 12392 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:00:31.0655 12392 pci - ok
15:00:31.0672 12392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:00:31.0673 12392 pciide - ok
15:00:31.0697 12392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:00:31.0700 12392 pcmcia - ok
15:00:31.0719 12392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:00:31.0720 12392 pcw - ok
15:00:31.0743 12392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:00:31.0750 12392 PEAUTH - ok
15:00:31.0854 12392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:00:31.0856 12392 PerfHost - ok
15:00:31.0947 12392 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:00:31.0973 12392 pla - ok
15:00:32.0026 12392 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:00:32.0032 12392 PlugPlay - ok
15:00:32.0079 12392 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:00:32.0081 12392 Pml Driver HPZ12 - ok
15:00:32.0099 12392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:00:32.0101 12392 PNRPAutoReg - ok
15:00:32.0114 12392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:00:32.0117 12392 PNRPsvc - ok
15:00:32.0145 12392 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:00:32.0151 12392 PolicyAgent - ok
15:00:32.0205 12392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:00:32.0208 12392 Power - ok
15:00:32.0260 12392 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:00:32.0262 12392 PptpMiniport - ok
15:00:32.0289 12392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:00:32.0290 12392 Processor - ok
15:00:32.0341 12392 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:00:32.0345 12392 ProfSvc - ok
15:00:32.0360 12392 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:00:32.0362 12392 ProtectedStorage - ok
15:00:32.0416 12392 [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:00:32.0417 12392 Psched - ok
15:00:32.0444 12392 [ 452C20382DF763F966C12DC48259F34E ] PTUMWBus        C:\Windows\system32\DRIVERS\PTUMWBus.sys
15:00:32.0446 12392 PTUMWBus - ok
15:00:32.0484 12392 [ 3754C646BBDAEDAFC09F793C6B38E877 ] PTUMWCDF        C:\Windows\system32\DRIVERS\PTUMWCDF.sys
15:00:32.0485 12392 PTUMWCDF - ok
15:00:32.0504 12392 [ AC86BB916FBEA16B0005EFC3BA3ADB58 ] PTUMWFLT        C:\Windows\system32\DRIVERS\PTUMWFLT.sys
15:00:32.0505 12392 PTUMWFLT - ok
15:00:32.0525 12392 [ CB146794BC3B96661A32CBD68673B479 ] PTUMWMdm        C:\Windows\system32\DRIVERS\PTUMWMdm.sys
15:00:32.0527 12392 PTUMWMdm - ok
15:00:32.0547 12392 [ 329E77868A92BB6F97C119050D97E9EC ] PTUMWNET        C:\Windows\system32\DRIVERS\PTUMWNET.sys
15:00:32.0549 12392 PTUMWNET - ok
15:00:32.0573 12392 [ 4FFD7E6D2CB293849C1181D08717EA09 ] PTUMWVsp        C:\Windows\system32\DRIVERS\PTUMWVsp.sys
15:00:32.0576 12392 PTUMWVsp - ok
15:00:32.0618 12392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:00:32.0644 12392 ql2300 - ok
15:00:32.0672 12392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:00:32.0675 12392 ql40xx - ok
15:00:32.0725 12392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:00:32.0729 12392 QWAVE - ok
15:00:32.0749 12392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:00:32.0751 12392 QWAVEdrv - ok
15:00:32.0771 12392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:00:32.0771 12392 RasAcd - ok
15:00:32.0825 12392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:32.0827 12392 RasAgileVpn - ok
15:00:32.0852 12392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:00:32.0855 12392 RasAuto - ok
15:00:32.0905 12392 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:32.0907 12392 Rasl2tp - ok
15:00:32.0963 12392 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:00:32.0968 12392 RasMan - ok
15:00:32.0986 12392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:32.0988 12392 RasPppoe - ok
15:00:33.0002 12392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:00:33.0004 12392 RasSstp - ok
15:00:33.0051 12392 [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:00:33.0054 12392 rdbss - ok
15:00:33.0079 12392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:00:33.0080 12392 rdpbus - ok
15:00:33.0104 12392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:33.0104 12392 RDPCDD - ok
15:00:33.0135 12392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:00:33.0136 12392 RDPENCDD - ok
15:00:33.0154 12392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:00:33.0155 12392 RDPREFMP - ok
15:00:33.0199 12392 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:00:33.0202 12392 RDPWD - ok
15:00:33.0249 12392 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:00:33.0251 12392 rdyboost - ok
15:00:33.0312 12392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:00:33.0315 12392 RemoteAccess - ok
15:00:33.0331 12392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:00:33.0335 12392 RemoteRegistry - ok
15:00:33.0361 12392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:00:33.0364 12392 RpcEptMapper - ok
15:00:33.0373 12392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:00:33.0374 12392 RpcLocator - ok
15:00:33.0425 12392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:00:33.0430 12392 RpcSs - ok
15:00:33.0455 12392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:00:33.0457 12392 rspndr - ok
15:00:33.0494 12392 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:00:33.0497 12392 RTL8167 - ok
15:00:33.0554 12392 [ D53C84EC99AB4D78A90001E5CE5386EC ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
15:00:33.0557 12392 RTL8169 - ok
15:00:33.0583 12392 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:00:33.0585 12392 SamSs - ok
15:00:33.0679 12392 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:00:33.0680 12392 SASDIFSV - ok
15:00:33.0712 12392 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:00:33.0713 12392 SASKUTIL - ok
15:00:33.0750 12392 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:00:33.0752 12392 sbp2port - ok
15:00:33.0779 12392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:00:33.0783 12392 SCardSvr - ok
15:00:33.0836 12392 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:00:33.0837 12392 scfilter - ok
15:00:33.0873 12392 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:00:33.0899 12392 Schedule - ok
15:00:33.0942 12392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:00:33.0943 12392 SCPolicySvc - ok
15:00:33.0992 12392 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:00:33.0996 12392 SDRSVC - ok
15:00:34.0083 12392 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:00:34.0085 12392 SeaPort - ok
15:00:34.0141 12392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:00:34.0142 12392 secdrv - ok
15:00:34.0196 12392 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:00:34.0199 12392 seclogon - ok
15:00:34.0220 12392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:00:34.0223 12392 SENS - ok
15:00:34.0234 12392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:00:34.0236 12392 SensrSvc - ok
15:00:34.0258 12392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:00:34.0259 12392 Serenum - ok
15:00:34.0295 12392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:00:34.0297 12392 Serial - ok
15:00:34.0318 12392 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:00:34.0319 12392 sermouse - ok
15:00:34.0391 12392 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:00:34.0395 12392 SessionEnv - ok
15:00:34.0419 12392 [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:00:34.0420 12392 sffdisk - ok
15:00:34.0442 12392 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:00:34.0442 12392 sffp_mmc - ok
15:00:34.0457 12392 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:00:34.0458 12392 sffp_sd - ok
15:00:34.0476 12392 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:00:34.0477 12392 sfloppy - ok
15:00:34.0531 12392 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:00:34.0536 12392 SharedAccess - ok
15:00:34.0562 12392 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:00:34.0567 12392 ShellHWDetection - ok
15:00:34.0598 12392 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:00:34.0599 12392 SiSRaid2 - ok
15:00:34.0616 12392 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:00:34.0618 12392 SiSRaid4 - ok
15:00:34.0734 12392 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:00:34.0736 12392 SkypeUpdate - ok
15:00:34.0764 12392 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:00:34.0766 12392 Smb - ok
15:00:34.0811 12392 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:00:34.0814 12392 SNMPTRAP - ok
15:00:34.0835 12392 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:00:34.0836 12392 spldr - ok
15:00:34.0868 12392 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:00:34.0873 12392 Spooler - ok
15:00:34.0965 12392 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:00:34.0986 12392 sppsvc - ok
15:00:35.0006 12392 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:00:35.0009 12392 sppuinotify - ok
15:00:35.0099 12392 [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
15:00:35.0107 12392 SRTSP - ok
15:00:35.0128 12392 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
15:00:35.0129 12392 SRTSPX - ok
15:00:35.0185 12392 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:00:35.0190 12392 srv - ok
15:00:35.0215 12392 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:00:35.0220 12392 srv2 - ok
15:00:35.0240 12392 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:00:35.0243 12392 srvnet - ok
15:00:35.0269 12392 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:00:35.0273 12392 SSDPSRV - ok
15:00:35.0289 12392 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:00:35.0292 12392 SstpSvc - ok
15:00:35.0315 12392 [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:00:35.0316 12392 stexstor - ok
15:00:35.0352 12392 [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:00:35.0353 12392 StillCam - ok
15:00:35.0436 12392 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:00:35.0444 12392 stisvc - ok
15:00:35.0491 12392 [ B6BAF8151060F07386C72BC5641290B3 ] StkTMini        C:\Windows\system32\Drivers\StkTMini.sys
15:00:35.0498 12392 StkTMini - ok
15:00:35.0546 12392 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:00:35.0547 12392 swenum - ok
15:00:35.0567 12392 [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:00:35.0572 12392 swprv - ok
15:00:35.0598 12392 [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
15:00:35.0603 12392 SymDS - ok
15:00:35.0643 12392 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
15:00:35.0668 12392 SymEFA - ok
15:00:35.0721 12392 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:00:35.0723 12392 SymEvent - ok
15:00:35.0773 12392 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
15:00:35.0776 12392 SymIRON - ok
15:00:35.0805 12392 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
15:00:35.0810 12392 SymNetS - ok
15:00:35.0881 12392 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:00:35.0893 12392 SysMain - ok
15:00:35.0939 12392 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:00:35.0942 12392 TabletInputService - ok
15:00:35.0999 12392 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
15:00:36.0001 12392 tap0901 - ok
15:00:36.0064 12392 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:00:36.0069 12392 TapiSrv - ok
15:00:36.0084 12392 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:00:36.0086 12392 TBS - ok
15:00:36.0165 12392 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:00:36.0200 12392 Tcpip - ok
15:00:36.0264 12392 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:00:36.0275 12392 TCPIP6 - ok
15:00:36.0329 12392 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:00:36.0331 12392 tcpipreg - ok
15:00:36.0392 12392 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:00:36.0393 12392 TDPIPE - ok
15:00:36.0444 12392 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:00:36.0445 12392 TDTCP - ok
15:00:36.0493 12392 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:00:36.0496 12392 tdx - ok
15:00:36.0544 12392 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:00:36.0545 12392 TermDD - ok
15:00:36.0603 12392 [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:00:36.0612 12392 TermService - ok
15:00:36.0629 12392 [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:00:36.0632 12392 Themes - ok
15:00:36.0682 12392 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:00:36.0684 12392 THREADORDER - ok
15:00:36.0704 12392 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:00:36.0707 12392 TrkWks - ok
15:00:36.0767 12392 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:00:36.0769 12392 TrustedInstaller - ok
15:00:36.0795 12392 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:36.0796 12392 tssecsrv - ok
15:00:36.0851 12392 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:00:36.0853 12392 TsUsbFlt - ok
15:00:36.0915 12392 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:00:36.0918 12392 tunnel - ok
15:00:36.0944 12392 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:00:36.0945 12392 uagp35 - ok
15:00:37.0000 12392 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:00:37.0005 12392 udfs - ok
15:00:37.0051 12392 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:00:37.0053 12392 UI0Detect - ok
15:00:37.0114 12392 [ F13DA74969897359A88F2A739F54A250 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
15:00:37.0115 12392 UleadBurningHelper - ok
15:00:37.0140 12392 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:00:37.0141 12392 uliagpkx - ok
15:00:37.0193 12392 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:00:37.0194 12392 umbus - ok
15:00:37.0215 12392 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:00:37.0216 12392 UmPass - ok
15:00:37.0241 12392 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:00:37.0246 12392 upnphost - ok
15:00:37.0298 12392 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:00:37.0300 12392 USBAAPL64 - ok
15:00:37.0361 12392 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:00:37.0363 12392 usbaudio - ok
15:00:37.0409 12392 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:37.0411 12392 usbccgp - ok
15:00:37.0464 12392 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:00:37.0466 12392 usbcir - ok
15:00:37.0510 12392 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:00:37.0512 12392 usbehci - ok
15:00:37.0535 12392 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:00:37.0539 12392 usbhub - ok
15:00:37.0590 12392 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:00:37.0592 12392 usbohci - ok
15:00:37.0610 12392 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:00:37.0611 12392 usbprint - ok
15:00:37.0662 12392 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:00:37.0663 12392 usbscan - ok
15:00:37.0685 12392 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:37.0687 12392 USBSTOR - ok
15:00:37.0736 12392 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:00:37.0737 12392 usbuhci - ok
15:00:37.0805 12392 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:00:37.0807 12392 usbvideo - ok
15:00:37.0831 12392 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:00:37.0834 12392 UxSms - ok
15:00:37.0854 12392 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:00:37.0855 12392 VaultSvc - ok
15:00:37.0870 12392 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:00:37.0871 12392 vdrvroot - ok
15:00:37.0946 12392 [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:00:37.0955 12392 vds - ok
15:00:37.0994 12392 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:37.0995 12392 vga - ok
15:00:38.0014 12392 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:00:38.0015 12392 VgaSave - ok
15:00:38.0047 12392 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:00:38.0050 12392 vhdmp - ok
15:00:38.0075 12392 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:00:38.0076 12392 viaide - ok
15:00:38.0099 12392 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:00:38.0100 12392 volmgr - ok
15:00:38.0156 12392 [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:00:38.0160 12392 volmgrx - ok
15:00:38.0187 12392 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:00:38.0190 12392 volsnap - ok
15:00:38.0227 12392 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:00:38.0229 12392 vsmraid - ok
15:00:38.0300 12392 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:00:38.0311 12392 VSS - ok
15:00:38.0331 12392 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:00:38.0332 12392 vwifibus - ok
15:00:38.0351 12392 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:00:38.0352 12392 vwififlt - ok
15:00:38.0387 12392 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:00:38.0388 12392 vwifimp - ok
15:00:38.0444 12392 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:00:38.0450 12392 W32Time - ok
15:00:38.0480 12392 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:00:38.0481 12392 WacomPen - ok
15:00:38.0509 12392 [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:00:38.0510 12392 WANARP - ok
15:00:38.0522 12392 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:00:38.0523 12392 Wanarpv6 - ok
15:00:38.0581 12392 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:00:38.0607 12392 WatAdminSvc - ok
15:00:38.0652 12392 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:00:38.0678 12392 wbengine - ok
15:00:38.0730 12392 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:00:38.0734 12392 WbioSrvc - ok
15:00:38.0787 12392 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:00:38.0793 12392 wcncsvc - ok
15:00:38.0814 12392 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:00:38.0817 12392 WcsPlugInService - ok
15:00:38.0838 12392 [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:00:38.0839 12392 Wd - ok
15:00:38.0898 12392 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:00:38.0906 12392 Wdf01000 - ok
15:00:38.0930 12392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:00:38.0932 12392 WdiServiceHost - ok
15:00:38.0944 12392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:00:38.0947 12392 WdiSystemHost - ok
15:00:38.0996 12392 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:00:39.0000 12392 WebClient - ok
15:00:39.0025 12392 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:00:39.0030 12392 Wecsvc - ok
15:00:39.0053 12392 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:00:39.0056 12392 wercplsupport - ok
15:00:39.0085 12392 [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:00:39.0088 12392 WerSvc - ok
15:00:39.0105 12392 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:39.0105 12392 WfpLwf - ok
15:00:39.0117 12392 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:00:39.0118 12392 WIMMount - ok
15:00:39.0173 12392 WinDefend - ok
15:00:39.0197 12392 WinHttpAutoProxySvc - ok
15:00:39.0294 12392 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:00:39.0297 12392 Winmgmt - ok
15:00:39.0379 12392 [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:00:39.0414 12392 WinRM - ok
15:00:39.0507 12392 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:00:39.0508 12392 WinUsb - ok
15:00:39.0571 12392 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:00:39.0581 12392 Wlansvc - ok
15:00:39.0764 12392 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:00:39.0778 12392 wlidsvc - ok
15:00:39.0828 12392 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:00:39.0829 12392 WmiAcpi - ok
15:00:39.0887 12392 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:00:39.0890 12392 wmiApSrv - ok
15:00:39.0904 12392 WMPNetworkSvc - ok
15:00:39.0996 12392 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
15:00:39.0999 12392 WMZuneComm - ok
15:00:40.0023 12392 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:00:40.0025 12392 WPCSvc - ok
15:00:40.0079 12392 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:00:40.0082 12392 WPDBusEnum - ok
15:00:40.0098 12392 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:00:40.0099 12392 ws2ifsl - ok
15:00:40.0128 12392 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:00:40.0131 12392 wscsvc - ok
15:00:40.0143 12392 WSearch - ok
15:00:40.0249 12392 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:00:40.0265 12392 wuauserv - ok
15:00:40.0317 12392 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:00:40.0319 12392 WudfPf - ok
15:00:40.0350 12392 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:00:40.0353 12392 WUDFRd - ok
15:00:40.0400 12392 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:00:40.0403 12392 wudfsvc - ok
15:00:40.0456 12392 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:00:40.0461 12392 WwanSvc - ok
15:00:40.0652 12392 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
15:00:40.0800 12392 ZuneNetworkSvc - ok
15:00:40.0883 12392 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:00:40.0887 12392 ZuneWlanCfgSvc - ok
15:00:40.0950 12392 ================ Scan global ===============================
15:00:40.0989 12392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:00:41.0032 12392 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:00:41.0040 12392 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:00:41.0084 12392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:00:41.0132 12392 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:00:41.0136 12392 [Global] - ok
15:00:41.0136 12392 ================ Scan MBR ==================================
15:00:41.0143 12392 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
15:00:41.0292 12392 \Device\Harddisk0\DR0 - ok
15:00:41.0293 12392 ================ Scan VBR ==================================
15:00:41.0296 12392 [ 5B92C371829B3403019A397C3E823D2D ] \Device\Harddisk0\DR0\Partition1
15:00:41.0297 12392 \Device\Harddisk0\DR0\Partition1 - ok
15:00:41.0300 12392 [ 2BABACF7886D1F96FF1AE293A78BCB92 ] \Device\Harddisk0\DR0\Partition2
15:00:41.0302 12392 \Device\Harddisk0\DR0\Partition2 - ok
15:00:41.0303 12392 ============================================================
15:00:41.0303 12392 Scan finished
15:00:41.0303 12392 ============================================================
15:00:41.0347 13976 Detected object count: 1
15:00:41.0347 13976 Actual detected object count: 1
15:00:59.0750 13976 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:00:59.0750 13976 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:01:10.0797 16428 Deinitialize success

Rev_Katz · August 14, 2013

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Cindy :: WENDELOVI-PC [administrator]

8/14/2013 3:06:21 PM
mbar-log-2013-08-14 (15-06-21).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\U (Backdoor.0Access) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$c9e4a2def41197e216d27482c6f5d165\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-900751825-368943906-4065605529-1000\$c9e4a2def41197e216d27482c6f5d165\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$c9e4a2def41197e216d27482c6f5d165\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-900751825-368943906-4065605529-1000\$c9e4a2def41197e216d27482c6f5d165\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$c9e4a2def41197e216d27482c6f5d165 (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-900751825-368943906-4065605529-1000\$c9e4a2def41197e216d27482c6f5d165 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 5
c:\Users\Cindy\AppData\Local\Temp\dkfehoji.exe (Trojan.Inject) -> Delete on reboot.
c:\Users\Cindy\AppData\Local\Temp\lwcndvcgdtmrdmrsfoo.bfg (Trojan.FakeMS.Gen) -> Delete on reboot.
c:\Users\Cindy\AppData\Local\Temp\gbadkfeh.exe (Trojan.Downloader.ED) -> Delete on reboot.
c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Cindy :: WENDELOVI-PC [administrator]

8/14/2013 7:08:25 PM
mbar-log-2013-08-14 (19-08-25).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.327000 GHz
Memory total: 8589074432, free: 4847026176

Downloaded database version: v2013.08.14.03
Initializing...
------------ Kernel report ------------
08/14/2013 15:06:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\cnnctfy2.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120919.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\MarvinBus64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys
\??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\mrxdav.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\shell32.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comdlg32.dll
\Windows\System32\setupapi.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80082a5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8009223b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80081a6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa800922eb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80082df060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xfffffa800922cb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80082de060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xfffffa800920cb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007ab2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8007774060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007ab2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007ab2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007ab2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80074cd520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007774060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1435793247
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1435793310 Numsec = 29350755

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80082de060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80082deb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80082de060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800920cb60, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80082df060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80082dfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80082df060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800922cb60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80081a6060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081a6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081a6060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800922eb60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80082a5060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80082a5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80082a5060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009223b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: c:\Users\Cindy\AppData\Local\Temp\dkfehoji.exe --> [Trojan.Inject]
Infected: c:\Users\Cindy\AppData\Local\Temp\lwcndvcgdtmrdmrsfoo.bfg --> [Trojan.FakeMS.Gen]
Infected: c:\Users\Cindy\AppData\Local\Temp\gbadkfeh.exe --> [Trojan.Downloader.ED]
Infected: c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\L --> [backdoor.0Access]
Infected: c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\L\201d3dde --> [backdoor.0Access]
Infected: c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\L\76603ac3 --> [backdoor.0Access]
Infected: c:\Windows\Installer\{c9e4a2de-f411-97e2-16d2-7482c6f5d165}\U --> [backdoor.0Access]
Infected: c:\$Recycle.Bin\S-1-5-18\$c9e4a2def41197e216d27482c6f5d165\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-900751825-368943906-4065605529-1000\$c9e4a2def41197e216d27482c6f5d165\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$c9e4a2def41197e216d27482c6f5d165\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-900751825-368943906-4065605529-1000\$c9e4a2def41197e216d27482c6f5d165\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$c9e4a2def41197e216d27482c6f5d165 --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-900751825-368943906-4065605529-1000\$c9e4a2def41197e216d27482c6f5d165 --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------

D-FRED-BROWN · August 14, 2013

Please post the ComboFix and Security Check logs as well

Rev_Katz · August 14, 2013

_{Malwarebytes Anti-Rootkit BETA 1.06.1.1005}

_{OS version: 6.1.7601 Windows 7 Service Pack 1 x64}

_{Account is Administrative}

_{Internet Explorer version: 10.0.9200.16635}

_{Java version: 1.6.0_31}

_{File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.327000 GHz
Memory total: 8589074432, free: 6199156736}

_{Initializing...
------------ Kernel report ------------
08/14/2013 19:08:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
\SystemRoot\system32\drivers\NISx64\1308000.00E\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\cnnctfy2.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120919.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\MarvinBus64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
\Windows\System32\wininet.dll
\Windows\System32\setupapi.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80082c5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8009094b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80082c7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa80090a1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80082c9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xfffffa800909cb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80081c8790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xfffffa800907ab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007ad0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa80074c3060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007ad0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007ad0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007ad0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80074bd520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80074c3060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232}

_{Partition information:}

_{Partition 0 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0}

_{Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1435793247
    Partition file system is NTFS
    Partition is bootable}

_{Partition 2 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 1435793310 Numsec = 29350755}

_{Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0}

_{Disk Size: 750156374016 bytes
Sector size: 512 bytes}

_{Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80081c8790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081c82c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081c8790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800907ab60, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80082c9060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80082c9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80082c9060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800909cb60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80082c7060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80082c7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80082c7060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80090a1b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80082c5060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80082c5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80082c5060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009094b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================}

_{Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished}

_{ComboFix 13-08-14.01 - Cindy 08/14/2013 19:59:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6130 [GMT 2:00]
Running from: c:\users\Cindy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\UNWISE.EXE
c:\programdata\hpe87FC.dll
c:\users\Cindy\AppData\Roaming\.#
c:\users\Cindy\AppData\Roaming\967df285-18c7-42f0-b269-62fbffc706da
c:\users\Cindy\Documents\~WRL0962.tmp
c:\users\Cindy\Documents\pub846B.tmp
c:\windows\COUPon~1.ocx
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-14 to 2013-08-14 )))))))))))))))))))))))))))))))
.
.
2013-08-14 18:07 . 2013-08-14 18:07 -------- d-----w- c:\users\Steve\AppData\Local\temp
2013-08-14 18:07 . 2013-08-14 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-14 13:06 . 2013-08-14 17:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-14 01:00 . 2013-08-14 01:04 -------- d-----w- c:\windows\system32\MRT
2013-08-13 18:45 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76D0662D-D4B1-4871-9991-8B955C345144}\mpengine.dll
2013-08-12 18:46 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-10 05:12 . 2013-08-10 05:12 -------- d-----w- c:\users\Cindy\AppData\Roaming\Unity
2013-07-17 20:25 . 2013-07-17 20:25 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC546C3F-2BA2-42FE-B0ED-0B84A04AE7FE}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 14:39 . 2012-07-15 15:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 14:39 . 2011-05-21 01:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-23 22:57 . 2010-02-05 16:24 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 04:38 . 2013-03-16 19:07 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-12 08:31 . 2013-06-12 08:31 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 23:43 . 2013-07-12 01:09 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-12 01:09 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-12 01:09 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-12 01:09 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-12 01:09 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-12 01:09 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-12 01:09 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-12 01:09 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-12 01:09 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-12 01:09 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-12 01:09 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-12 01:09 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-12 01:09 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-12 01:09 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-12 01:09 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-12 01:09 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-12 01:09 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-12 01:09 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-12 01:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-12 01:09 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-12 01:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-12 01:09 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-11 03:12 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 03:12 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 03:12 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-25 01:06 . 2013-05-25 01:06 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-25 01:06 . 2013-05-25 01:06 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-25 01:06 . 2013-05-25 01:06 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-25 01:06 . 2013-05-25 01:06 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-25 01:06 . 2013-05-25 01:06 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-25 01:06 . 2013-05-25 01:06 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-25 01:06 . 2013-05-25 01:06 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-25 01:06 . 2013-05-25 01:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-25 01:06 . 2013-05-25 01:06 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-25 01:06 . 2013-05-25 01:06 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-25 01:06 . 2013-05-25 01:06 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-25 01:06 . 2013-05-25 01:06 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-25 01:06 . 2013-05-25 01:06 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-25 01:06 . 2013-05-25 01:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-25 01:06 . 2013-05-25 01:06 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-25 01:06 . 2013-05-25 01:06 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-25 01:06 . 2013-05-25 01:06 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-25 01:06 . 2013-05-25 01:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-25 01:06 . 2013-05-25 01:06 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-25 01:06 . 2013-05-25 01:06 441856 ----a-w- c:\windows\system32\html.iec
2013-05-25 01:06 . 2013-05-25 01:06 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-25 01:06 . 2013-05-25 01:06 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-25 01:06 . 2013-05-25 01:06 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-25 01:06 . 2013-05-25 01:06 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-25 01:06 . 2013-05-25 01:06 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-25 01:06 . 2013-05-25 01:06 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-25 01:06 . 2013-05-25 01:06 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-25 01:06 . 2013-05-25 01:06 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-25 01:06 . 2013-05-25 01:06 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-25 01:06 . 2013-05-25 01:06 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-25 01:06 . 2013-05-25 01:06 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-25 01:06 . 2013-05-25 01:06 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-25 01:06 . 2013-05-25 01:06 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-25 01:06 . 2013-05-25 01:06 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-25 01:06 . 2013-05-25 01:06 235008 ----a-w- c:\windows\system32\url.dll
2013-05-25 01:06 . 2013-05-25 01:06 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-25 01:06 . 2013-05-25 01:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-25 01:06 . 2013-05-25 01:06 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-25 01:06 . 2013-05-25 01:06 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-25 01:06 . 2013-05-25 01:06 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-25 01:06 . 2013-05-25 01:06 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-25 01:06 . 2013-05-25 01:06 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-25 01:06 . 2013-05-25 01:06 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-25 01:06 . 2013-05-25 01:06 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-25 01:06 . 2013-05-25 01:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-25 01:06 . 2013-05-25 01:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-25 01:06 . 2013-05-25 01:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-25 01:06 . 2013-05-25 01:06 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-25 01:06 . 2013-05-25 01:06 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-25 01:04 . 2013-05-25 01:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-25 01:04 . 2013-05-25 01:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-25 01:04 . 2013-05-25 01:04 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-25 01:04 . 2013-05-25 01:04 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 01:04 . 2013-05-25 01:04 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Drive"="c:\users\Cindy\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-11-12 646528]
"Akamai NetSession Interface"="c:\users\Cindy\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-16 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-27 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"USBToolTip"="c:\program files (x86)\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-21 98304]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgA3ADAAQQAyAC0AVgBSADIAWgBGAC0AMgA2AFEAQwBSAC0AVwBUAFcANwBWAC0AQgBZADQATgBCAA&inst=NwA2AC0ANQAwADkANwA3ADEANQAxADgALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA∏=94&ver=9.0.894" [?]
.
c:\users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-10 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20120919.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [x]
R1 btttxhzs;btttxhzs;c:\windows\system32\drivers\btttxhzs.sys;c:\windows\SYSNATIVE\drivers\btttxhzs.sys [x]
R1 dirlobdi;dirlobdi;c:\windows\system32\drivers\dirlobdi.sys;c:\windows\SYSNATIVE\drivers\dirlobdi.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys;c:\windows\SYSNATIVE\Drivers\OEM05Afx.sys [x]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vfx.sys [x]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vid.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWCDF.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMWVsp.sys [x]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys;c:\windows\SYSNATIVE\Drivers\StkTMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1308000.00E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1308000.00E\SYMEFA64.SYS [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1308000.00E\ccSetx64.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120919.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120919.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1308000.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1308000.00E\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ    Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 02:26 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 14:39]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 02:41]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138

FF - ProfilePath - c:\users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\bqjqr782.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-14 20:15:09
ComboFix-quarantined-files.txt 2013-08-14 18:15
.
Pre-Run: 22,751,997,952 bytes free
Post-Run: 26,709,213,184 bytes free
.
- - End Of File - - 7B8C773ADA0E595670649A771A41BB3C
81CD5EC01DB0CE57EDD853F82462EF27}

_{Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Norton Internet Security
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 31
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Emsisoft Anti-Malware a2service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````}

_{So it seems to have caught a lot of things...I've just pasted the logs. I'm going to reboot and surf around a bit to see if any of the popups come back. Thank you so much for your time! I'll report back if it's an all-clear or if something crops up...}

_{Kind Regards}

D-FRED-BROWN · August 14, 2013

We're making progress.

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
Save it to your desktop.
Double click on the OTL icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the Run Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

AdvancedSetup · August 22, 2013

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

adware/chitka/redirects/multiple iexplore.exe processes

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information