Help Removing svchost.exe trojan agent

kyledurgan87

Thread Starter
Joined
Feb 9, 2013
Messages
11
Hello, I've been having some problems with my computer lately (BSoD/random crashes; disc space lowering randomly for no reason, and pretty rapidly).
I've quick scanned with Malwarebytes (I can post the logs if need be) and there were 2 objects detected called 'windows svchost.exe' trojan agent. After I rebooted with Malwarebytes to remove it, I'm still having the same problems, and the 2 objects still come up when I scan. I'd really appreciate any help with this, so thanks in advance :)

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:10 PM, on 2/10/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Registry Mechanic\upgrade.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Users\Walker\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: Dropbox.lnk = Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Elvis Calendar Widget.lnk = C:\Program Files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc.. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13006 bytes

DDS Logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Walker at 20:09:49 on 2013-02-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3659 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
-netsvcs
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Registry Mechanic\upgrade.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Walker\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Walker\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ELVISC~1.LNK - C:\Program Files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe
StartupFolder: C:\Users\Walker\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2A020CF5-DFEC-4FCE-A7EA-4028697FD5C4} : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}\7516C6B6562702E6564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{78B53DDB-3D6B-4D0A-8D83-1DAC44E39C0E} : DHCPNameServer = 69.78.134.231 69.78.80.231
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-1 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-6-11 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-6-11 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130208.004\IDSviA64.sys [2013-2-9 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-6-11 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-6-11 386168]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-26 203264]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-3-10 583640]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-8-26 635416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-3 138912]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-8-26 852256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-26 346144]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-8-26 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\System32\drivers\htcusbnet.sys [2011-4-24 153600]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\System32\drivers\MAudioFastTrack.sys [2009-10-2 187912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-22 1255736]
.
=============== Created Last 30 ================
.
2013-02-09 20:57:18 20480 ----a-w- C:\Windows\svchost.exe
2013-02-02 21:25:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-02 21:25:37 -------- d-----w- C:\Program Files\iTunes
2013-02-02 21:25:37 -------- d-----w- C:\Program Files\iPod
2013-02-02 21:25:37 -------- d-----w- C:\Program Files (x86)\iTunes
2013-01-17 07:15:42 -------- d-----w- C:\Users\Walker\AppData\Local\{663B9014-75BE-4843-8E39-AB69F5DA8CF8}
2013-01-14 18:59:01 -------- d-----w- C:\Users\Walker\048298C9A4D3490B9FF9AB023A9238F3.TMP
.
==================== Find3M ====================
.
2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:45:35 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:55:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 05:10:07 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 20:12:02.03 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 10:40:15 PM
System Uptime: 2/10/2013 2:56:12 PM (6 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom(tm) II X4 830 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 5.34 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
18 Wheels of Steel - American Long Haul
18 Wheels of Steel Extreme Trucker
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI Catalyst Install Manager
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
Avid Pro Tools SE 8.0.3
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Blackhawk Striker 2
Bonjour
Build-a-lot 2
Bus Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
DivX Setup
Dora's Carnival Adventure
Driver Whiz
Dropbox
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video
Eighteen Wheels of Steel Haulin'
EMC 10 Content
EMCGadgets64
Escape Rosecliff Island
Family Feud 3
FATE
ffdshow [rev 2527] [2008-12-19]
Final Drive Nitro
FreeKapture 2.00 - Freeware
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Interlok driver setup x64
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LAME v3.98.3 for Audacity
Lemonade Tycoon 2
LightScribe System Software
LimeWire 5.5.16
M-Audio FastTrack Driver 6.0.2 (x64)
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
MCEBrowser
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nate's Kentucky Rook 2.0.0
Norton 360
Norton Online Backup
Origin
Oval Office
PDF Complete Special Edition
Penguins!
PhotoNow!
Picasa 3
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Registry Mechanic 10.0
Registry Reviver
Romopolis
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinemaNow 2.0
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio PhotoShow
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shutter Island
Sonic CinePlayer Decoder Pack
SoulSeek 157 NS 13e
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Showtime
The Sims™ 3 World Adventures
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
VD64Inst
Virtual Families
Virtual Villagers - The Secret City
Watchtower Library 2009 - English
Watchtower Library 2010 - English
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WModem Driver Installer
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/9/2013 6:13:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c5ef95, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\Minidump\020913-39499-01.dmp. Report Id: 020913-39499-01.
2/9/2013 4:13:39 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Walker-HP\Walker SID (S-1-5-21-2394937029-579550273-2574859083-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/9/2013 12:34:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/9/2013 12:32:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
2/9/2013 12:32:40 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/9/2013 12:31:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
2/9/2013 12:31:34 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/9/2013 12:27:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fbd3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020913-37206-01.dmp. Report Id: 020913-37206-01.
2/9/2013 10:06:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c9ef95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020913-36067-01.
2/3/2013 9:06:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c51f95). A dump was saved in: C:\Windows\Minidump\020313-31839-01.dmp. Report Id: 020313-31839-01.
2/3/2013 7:59:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f683fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020313-35381-01.dmp. Report Id: 020313-35381-01.
2/3/2013 6:52:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fb63fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020313-60793-01.dmp. Report Id: 020313-60793-01.
2/3/2013 5:33:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f6f3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020313-37955-01.dmp. Report Id: 020313-37955-01.
2/3/2013 10:12:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000020e00000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002c8463f). A dump was saved in: C:\Windows\Minidump\020313-30279-01.dmp. Report Id: 020313-30279-01.
2/10/2013 7:00:53 AM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/10/2013 6:33:38 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
2/10/2013 6:33:38 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
2/10/2013 6:33:38 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
2/10/2013 6:27:51 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
2/10/2013 6:27:08 AM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
2/10/2013 3:08:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
2/10/2013 3:08:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
2/10/2013 2:57:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
2/10/2013 2:56:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c59703, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\Minidump\021013-41075-01.dmp. Report Id: 021013-41075-01.
2/10/2013 2:56:37 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2/10/2013 2:17:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c5cf95). A dump was saved in: C:\Windows\Minidump\021013-53991-01.dmp. Report Id: 021013-53991-01.
2/10/2013 12:17:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/10/2013 12:09:10 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================

GMER Log:
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-10 22:55:42
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000064 Hitachi_ rev.JP4O 931.51GB
Running: veqdg562.exe; Driver: C:\Users\Walker\AppData\Local\Temp\ufdcypoc.sys

---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
.text ... * 9
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
.text ... * 9
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
.text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
.text ... * 9
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
.text ... * 9
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
.text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\kernel32.dll!WriteFile 00000000765c1262 5 bytes JMP 000000010011000a
.text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076f10e0d 5 bytes JMP 0000000100a2000a
.text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\USER32.dll!WindowFromPoint 0000000076f12ddb 5 bytes JMP 0000000100a3000a
.text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\USER32.dll!GetForegroundWindow 0000000076f136c0 5 bytes JMP 0000000100a4000a
.text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ce590c 5 bytes JMP 00000001001d000a
---- Devices - GMER 2.0 ----
Device \Driver\amdsata \Device\00000064 fffffa80068725c4
---- Trace I/O - GMER 2.0 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys >>UNKNOWN [0xfffffa80068725c4]<< fffffa80068725c4
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f33790] fffffa8005f33790
Trace 3 CLASSPNP.SYS[fffff88001a9243f] -> nt!IofCallDriver -> [0xfffffa8004f23040] fffffa8004f23040
Trace 5 amdxata.sys[fffff880011057a8] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8005dd99c0] fffffa8005dd99c0
Trace \Driver\amdsata[0xfffffa800686e230] -> IRP_MJ_CREATE -> 0xfffffa80068725c4 fffffa80068725c4
---- Threads - GMER 2.0 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1804:1808] 000000000041009c
Thread C:\Windows\SysWOW64\ntdll.dll [1804:2696] 00000000608ae21c
Thread C:\Windows\SysWOW64\ntdll.dll [1804:2796] 000000006be03bf2
Thread C:\Windows\SysWOW64\ntdll.dll [1804:2808] 00000000723f7019
Thread C:\Windows\SysWOW64\ntdll.dll [1804:4868] 0000000070de1854
Thread \\.\globalroot\systemroot\svchost.exe [3784:4188] 0000000000012947
Thread \\.\globalroot\systemroot\svchost.exe [3784:4196] 0000000000012bc7
---- Processes - GMER 2.0 ----
Library \\.\globalroot\systemroot\svchost.exe (*** suspicious ***) @ \\.\globalroot\systemroot\svchost.exe [3784] 0000000000c30000
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
 

kyledurgan87

Hey, thanks a lot for your help and such a quick reply! I disabled the Windows firewall in Control Panel, and within the last couple of days my Norton subscription ran out. I couldn't think of anything else I would need to disable on my computer, but let me know if I'm wrong. When I ran combofix and it was scanning (it was in stage 4, I'm pretty sure), I got a BSoD. My computer restarted and is running ok, but I'm not really sure how to proceed now. Thanks again
 

dvk01

run Combofix again please
 

kyledurgan87

Ok it worked after a couple of tries, thanks


ComboFix 13-02-07.02 - Walker 02/11/2013 16:16:53.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4203 [GMT -5:00]

Running from: c:\users\Walker\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Public\Documents\~WRL3865.tmp

c:\users\Walker\Documents\~WRL0442.tmp

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))

.

.

2013-02-11 21:31 . 2013-02-11 21:31 -------- d-----w- c:\users\Mcx1-WALKER-HP\AppData\Local\temp

2013-02-11 21:31 . 2013-02-11 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iTunes

2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files (x86)\iTunes

2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iPod

2013-01-14 18:59 . 2013-01-14 18:59 -------- d-----w- c:\users\Walker\048298C9A4D3490B9FF9AB023A9238F3.TMP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-19 39408]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-24 77824]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\users\Walker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]

Elvis Calendar Widget.lnk - c:\program files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe [N/A]

LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [2010-12-15 153600]

R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2009-10-02 187912]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130209.002\IDSvia64.sys [2012-12-27 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-02-02 20:35 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]

.

2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]

.

2013-01-31 c:\windows\Tasks\HPCeeScheduleForWalker.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

2013-02-11 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-11 13:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 798216]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\SecuROM\License information*]

"datasecu"=hex:ff,62,eb,da,64,59,f3,3f,c9,d1,2a,63,d1,fd,09,82,7e,7c,c6,17,46,

3f,db,af,2f,44,90,9e,23,c1,09,1d,e2,b4,9c,d8,4f,6f,03,92,43,a4,38,d0,3d,0b,\

"rkeysecu"=hex:76,18,61,e7,64,32,a3,b3,91,3b,1d,c5,16,b2,e2,37

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-02-11 16:45:14

ComboFix-quarantined-files.txt 2013-02-11 21:45

.

Pre-Run: 1,106,939,904 bytes free

Post-Run: 963,457,024 bytes free

.

- - End Of File - - D3DB999D23F1CC582D8E79A877AD35AA
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
next

Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\).
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
 

kyledurgan87

14:22:37.0970 5460 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:22:38.0314 5460 ============================================================
14:22:38.0314 5460 Current date / time: 2013/02/12 14:22:38.0314
14:22:38.0314 5460 SystemInfo:
14:22:38.0314 5460
14:22:38.0314 5460 OS Version: 6.1.7600 ServicePack: 0.0
14:22:38.0314 5460 Product type: Workstation
14:22:38.0314 5460 ComputerName: WALKER-HP
14:22:38.0314 5460 UserName: Walker
14:22:38.0314 5460 Windows directory: C:\Windows
14:22:38.0314 5460 System windows directory: C:\Windows
14:22:38.0314 5460 Running under WOW64
14:22:38.0314 5460 Processor architecture: Intel x64
14:22:38.0314 5460 Number of processors: 4
14:22:38.0314 5460 Page size: 0x1000
14:22:38.0314 5460 Boot type: Normal boot
14:22:38.0314 5460 ============================================================
14:22:42.0136 5460 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:22:42.0167 5460 ============================================================
14:22:42.0167 5460 \Device\Harddisk0\DR0:
14:22:42.0167 5460 MBR partitions:
14:22:42.0167 5460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:22:42.0167 5460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72EAB000
14:22:42.0167 5460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72EDD800, BlocksNum 0x1828800
14:22:42.0167 5460 ============================================================
14:22:42.0182 5460 C: <-> \Device\Harddisk0\DR0\Partition2
14:22:42.0229 5460 D: <-> \Device\Harddisk0\DR0\Partition3
14:22:42.0229 5460 ============================================================
14:22:42.0229 5460 Initialize success
14:22:42.0229 5460 ============================================================
14:22:56.0035 4372 ============================================================
14:22:56.0035 4372 Scan started
14:22:56.0035 4372 Mode: Manual;
14:22:56.0035 4372 ============================================================
14:22:58.0235 4372 ================ Scan system memory ========================
14:22:58.0235 4372 System memory - ok
14:22:58.0235 4372 ================ Scan services =============================
14:22:58.0391 4372 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:22:58.0391 4372 1394ohci - ok
14:22:58.0422 4372 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
14:22:58.0422 4372 ACPI - ok
14:22:58.0438 4372 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
14:22:58.0438 4372 AcpiPmi - ok
14:22:58.0469 4372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:22:58.0469 4372 adp94xx - ok
14:22:58.0484 4372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:22:58.0500 4372 adpahci - ok
14:22:58.0500 4372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:22:58.0500 4372 adpu320 - ok
14:22:58.0531 4372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:22:58.0531 4372 AeLookupSvc - ok
14:22:58.0578 4372 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
14:22:58.0578 4372 AFD - ok
14:22:58.0640 4372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
14:22:58.0640 4372 agp440 - ok
14:22:58.0656 4372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:22:58.0656 4372 ALG - ok
14:22:58.0672 4372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
14:22:58.0672 4372 aliide - ok
14:22:58.0703 4372 [ CA0D6C1390F4B3BAF2A0A69D1A7F8332 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:22:58.0703 4372 AMD External Events Utility - ok
14:22:58.0718 4372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
14:22:58.0718 4372 amdide - ok
14:22:58.0734 4372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:22:58.0734 4372 AmdK8 - ok
14:22:58.0859 4372 [ 75E4BACA583AE02C11E9AC8747E2ABE0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:22:58.0952 4372 amdkmdag - ok
14:22:58.0968 4372 [ B765CF4B32F347BE747B21AE22641025 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:22:58.0968 4372 amdkmdap - ok
14:22:58.0999 4372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:22:58.0999 4372 AmdPPM - ok
14:22:59.0015 4372 [ F747497A0EE5498F79B207F215B3D2D8 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:22:59.0030 4372 amdsata - ok
14:22:59.0046 4372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:22:59.0062 4372 amdsbs - ok
14:22:59.0077 4372 [ 2946D695E158615BAAA16248E63C7ADB ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
14:22:59.0077 4372 amdxata - ok
14:22:59.0093 4372 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
14:22:59.0108 4372 AppID - ok
14:22:59.0124 4372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:22:59.0124 4372 AppIDSvc - ok
14:22:59.0140 4372 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
14:22:59.0140 4372 Appinfo - ok
14:22:59.0249 4372 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:22:59.0249 4372 Apple Mobile Device - ok
14:22:59.0280 4372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:22:59.0280 4372 arc - ok
14:22:59.0296 4372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:22:59.0296 4372 arcsas - ok
14:22:59.0327 4372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:59.0327 4372 AsyncMac - ok
14:22:59.0342 4372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
14:22:59.0358 4372 atapi - ok
14:22:59.0389 4372 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
14:22:59.0389 4372 AtiPcie - ok
14:22:59.0420 4372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:22:59.0436 4372 AudioEndpointBuilder - ok
14:22:59.0452 4372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:22:59.0467 4372 AudioSrv - ok
14:22:59.0467 4372 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:22:59.0467 4372 AxInstSV - ok
14:22:59.0483 4372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:22:59.0498 4372 b06bdrv - ok
14:22:59.0530 4372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:22:59.0530 4372 b57nd60a - ok
14:22:59.0545 4372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:22:59.0545 4372 BDESVC - ok
14:22:59.0561 4372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:22:59.0561 4372 Beep - ok
14:22:59.0608 4372 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
14:22:59.0623 4372 BFE - ok
14:22:59.0826 4372 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
14:22:59.0842 4372 BHDrvx64 - ok
14:22:59.0873 4372 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
14:22:59.0888 4372 BITS - ok
14:22:59.0904 4372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:22:59.0904 4372 blbdrive - ok
14:22:59.0982 4372 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:22:59.0998 4372 Bonjour Service - ok
14:23:00.0029 4372 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:23:00.0044 4372 bowser - ok
14:23:00.0060 4372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:23:00.0076 4372 BrFiltLo - ok
14:23:00.0091 4372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:23:00.0091 4372 BrFiltUp - ok
14:23:00.0122 4372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:23:00.0122 4372 BridgeMP - ok
14:23:00.0154 4372 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
14:23:00.0169 4372 Browser - ok
14:23:00.0200 4372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:23:00.0200 4372 Brserid - ok
14:23:00.0216 4372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:23:00.0232 4372 BrSerWdm - ok
14:23:00.0247 4372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:23:00.0247 4372 BrUsbMdm - ok
14:23:00.0247 4372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:23:00.0247 4372 BrUsbSer - ok
14:23:00.0263 4372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:23:00.0263 4372 BTHMODEM - ok
14:23:00.0310 4372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:23:00.0310 4372 bthserv - ok
14:23:00.0341 4372 catchme - ok
14:23:00.0372 4372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:23:00.0372 4372 cdfs - ok
14:23:00.0403 4372 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:23:00.0403 4372 cdrom - ok
14:23:00.0419 4372 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
14:23:00.0419 4372 CertPropSvc - ok
14:23:00.0466 4372 [ EA3333DB9AB03106EEC0D6D9D487ED01 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
14:23:00.0466 4372 CinemaNow Service - ok
14:23:00.0497 4372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:23:00.0497 4372 circlass - ok
14:23:00.0528 4372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:23:00.0544 4372 CLFS - ok
14:23:00.0590 4372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:23:00.0590 4372 clr_optimization_v2.0.50727_32 - ok
14:23:00.0668 4372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:23:00.0668 4372 clr_optimization_v2.0.50727_64 - ok
14:23:00.0715 4372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:23:00.0715 4372 clr_optimization_v4.0.30319_32 - ok
14:23:00.0746 4372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:23:00.0746 4372 clr_optimization_v4.0.30319_64 - ok
14:23:00.0778 4372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:23:00.0793 4372 CmBatt - ok
14:23:00.0793 4372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
14:23:00.0809 4372 cmdide - ok
14:23:00.0856 4372 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
14:23:00.0856 4372 CNG - ok
14:23:00.0871 4372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:23:00.0871 4372 Compbatt - ok
14:23:00.0887 4372 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:23:00.0887 4372 CompositeBus - ok
14:23:00.0902 4372 COMSysApp - ok
14:23:00.0918 4372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:23:00.0918 4372 crcdisk - ok
14:23:00.0949 4372 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:23:00.0965 4372 CryptSvc - ok
14:23:01.0043 4372 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:23:01.0058 4372 cvhsvc - ok
14:23:01.0090 4372 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:23:01.0105 4372 DcomLaunch - ok
14:23:01.0121 4372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:23:01.0136 4372 defragsvc - ok
14:23:01.0168 4372 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:23:01.0168 4372 DfsC - ok
14:23:01.0183 4372 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
14:23:01.0183 4372 Dhcp - ok
14:23:01.0246 4372 DigiRefresh - ok
14:23:01.0277 4372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:23:01.0277 4372 discache - ok
14:23:01.0308 4372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:23:01.0308 4372 Disk - ok
14:23:01.0355 4372 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:23:01.0355 4372 Dnscache - ok
14:23:01.0402 4372 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
14:23:01.0402 4372 dot3svc - ok
14:23:01.0417 4372 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
14:23:01.0433 4372 DPS - ok
14:23:01.0433 4372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:23:01.0448 4372 drmkaud - ok
14:23:01.0480 4372 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:23:01.0495 4372 DXGKrnl - ok
14:23:01.0526 4372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:23:01.0526 4372 EapHost - ok
14:23:01.0620 4372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:23:01.0651 4372 ebdrv - ok
14:23:01.0714 4372 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:23:01.0729 4372 eeCtrl - ok
14:23:01.0760 4372 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
14:23:01.0760 4372 EFS - ok
14:23:01.0838 4372 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:23:01.0854 4372 ehRecvr - ok
14:23:01.0885 4372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:23:01.0885 4372 ehSched - ok
14:23:01.0932 4372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:23:01.0948 4372 elxstor - ok
14:23:02.0010 4372 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:23:02.0010 4372 EraserUtilRebootDrv - ok
14:23:02.0026 4372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
14:23:02.0026 4372 ErrDev - ok
14:23:02.0072 4372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:23:02.0088 4372 EventSystem - ok
14:23:02.0104 4372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:23:02.0119 4372 exfat - ok
14:23:02.0150 4372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:23:02.0150 4372 fastfat - ok
14:23:02.0182 4372 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
14:23:02.0197 4372 Fax - ok
14:23:02.0213 4372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:23:02.0213 4372 fdc - ok
14:23:02.0228 4372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:23:02.0228 4372 fdPHost - ok
14:23:02.0228 4372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:23:02.0244 4372 FDResPub - ok
14:23:02.0260 4372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:23:02.0260 4372 FileInfo - ok
14:23:02.0260 4372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:23:02.0260 4372 Filetrace - ok
14:23:02.0291 4372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:23:02.0291 4372 flpydisk - ok
14:23:02.0306 4372 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:23:02.0306 4372 FltMgr - ok
14:23:02.0353 4372 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
14:23:02.0369 4372 FontCache - ok
14:23:02.0400 4372 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:23:02.0400 4372 FontCache3.0.0.0 - ok
14:23:02.0416 4372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:23:02.0416 4372 FsDepends - ok
14:23:02.0447 4372 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:23:02.0447 4372 Fs_Rec - ok
14:23:02.0478 4372 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:23:02.0478 4372 fvevol - ok
14:23:02.0494 4372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:23:02.0509 4372 gagp30kx - ok
14:23:02.0556 4372 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:23:02.0556 4372 GamesAppService - ok
14:23:02.0603 4372 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:23:02.0618 4372 GEARAspiWDM - ok
14:23:02.0665 4372 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
14:23:02.0681 4372 gpsvc - ok
14:23:02.0790 4372 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:23:02.0806 4372 gupdate - ok
14:23:02.0837 4372 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:23:02.0852 4372 gupdatem - ok
14:23:02.0915 4372 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:23:02.0915 4372 gusvc - ok
14:23:03.0008 4372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:23:03.0024 4372 hcw85cir - ok
14:23:03.0180 4372 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:23:03.0196 4372 HdAudAddService - ok
14:23:03.0227 4372 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:23:03.0227 4372 HDAudBus - ok
14:23:03.0243 4372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:23:03.0243 4372 HidBatt - ok
14:23:03.0258 4372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:23:03.0258 4372 HidBth - ok
14:23:03.0274 4372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:23:03.0289 4372 HidIr - ok
14:23:03.0305 4372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:23:03.0305 4372 hidserv - ok
14:23:03.0352 4372 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:23:03.0352 4372 HidUsb - ok
14:23:03.0367 4372 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:23:03.0383 4372 hkmsvc - ok
14:23:03.0399 4372 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:23:03.0399 4372 HomeGroupListener - ok
14:23:03.0430 4372 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:23:03.0445 4372 HomeGroupProvider - ok
14:23:03.0539 4372 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:23:03.0539 4372 HP Support Assistant Service - ok
14:23:03.0601 4372 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:23:03.0617 4372 hpqwmiex - ok
14:23:03.0648 4372 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
14:23:03.0648 4372 HpSAMD - ok
14:23:03.0664 4372 [ 6B2A1B01B79036A265734964CBA73AAB ] htcusbnet C:\Windows\system32\DRIVERS\htcusbnet.sys
14:23:03.0679 4372 htcusbnet - ok
14:23:03.0695 4372 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:23:03.0711 4372 HTTP - ok
14:23:03.0726 4372 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:23:03.0726 4372 hwpolicy - ok
14:23:03.0742 4372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:23:03.0742 4372 i8042prt - ok
14:23:03.0773 4372 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:23:03.0789 4372 iaStorV - ok
14:23:03.0820 4372 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:23:03.0835 4372 IDriverT - ok
14:23:03.0898 4372 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:23:03.0913 4372 idsvc - ok
14:23:04.0007 4372 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130209.002\IDSvia64.sys
14:23:04.0007 4372 IDSVia64 - ok
14:23:04.0038 4372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:23:04.0038 4372 iirsp - ok
14:23:04.0069 4372 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
14:23:04.0085 4372 IKEEXT - ok
14:23:04.0163 4372 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:23:04.0194 4372 IntcAzAudAddService - ok
14:23:04.0210 4372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
14:23:04.0225 4372 intelide - ok
14:23:04.0225 4372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:23:04.0225 4372 intelppm - ok
14:23:04.0241 4372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:23:04.0241 4372 IPBusEnum - ok
14:23:04.0241 4372 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:23:04.0241 4372 IpFilterDriver - ok
14:23:04.0288 4372 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:23:04.0303 4372 iphlpsvc - ok
14:23:04.0319 4372 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:23:04.0319 4372 IPMIDRV - ok
14:23:04.0335 4372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:23:04.0335 4372 IPNAT - ok
14:23:04.0366 4372 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:23:04.0381 4372 iPod Service - ok
14:23:04.0397 4372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:23:04.0397 4372 IRENUM - ok
14:23:04.0413 4372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
14:23:04.0413 4372 isapnp - ok
14:23:04.0444 4372 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:23:04.0444 4372 iScsiPrt - ok
14:23:04.0475 4372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:23:04.0475 4372 kbdclass - ok
14:23:04.0491 4372 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:23:04.0491 4372 kbdhid - ok
14:23:04.0506 4372 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
14:23:04.0506 4372 KeyIso - ok
14:23:04.0537 4372 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:23:04.0537 4372 KSecDD - ok
14:23:04.0553 4372 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:23:04.0553 4372 KSecPkg - ok
14:23:04.0569 4372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:23:04.0569 4372 ksthunk - ok
14:23:04.0600 4372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:23:04.0600 4372 KtmRm - ok
14:23:04.0647 4372 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:23:04.0647 4372 LanmanServer - ok
14:23:04.0662 4372 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:23:04.0662 4372 LanmanWorkstation - ok
14:23:04.0725 4372 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:23:04.0725 4372 LightScribeService - ok
14:23:04.0756 4372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:23:04.0756 4372 lltdio - ok
14:23:04.0771 4372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:23:04.0787 4372 lltdsvc - ok
14:23:04.0803 4372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:23:04.0803 4372 lmhosts - ok
14:23:04.0818 4372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:23:04.0818 4372 LSI_FC - ok
14:23:04.0834 4372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:23:04.0834 4372 LSI_SAS - ok
14:23:04.0849 4372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:23:04.0849 4372 LSI_SAS2 - ok
14:23:04.0865 4372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:23:04.0865 4372 LSI_SCSI - ok
14:23:04.0881 4372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:23:04.0881 4372 luafv - ok
14:23:04.0927 4372 [ 1AC47DF9BAC9A893F57ECADC63CD20EE ] MAUSBFASTTRACK C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
14:23:04.0927 4372 MAUSBFASTTRACK - ok
14:23:05.0005 4372 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
14:23:05.0005 4372 McComponentHostService - ok
14:23:05.0037 4372 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:23:05.0037 4372 Mcx2Svc - ok
14:23:05.0068 4372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:23:05.0068 4372 megasas - ok
14:23:05.0099 4372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:23:05.0099 4372 MegaSR - ok
14:23:05.0130 4372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:23:05.0130 4372 MMCSS - ok
14:23:05.0146 4372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:23:05.0146 4372 Modem - ok
14:23:05.0161 4372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:23:05.0161 4372 monitor - ok
14:23:05.0193 4372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:23:05.0193 4372 mouclass - ok
14:23:05.0224 4372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:23:05.0224 4372 mouhid - ok
14:23:05.0239 4372 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:23:05.0255 4372 mountmgr - ok
14:23:05.0271 4372 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
14:23:05.0271 4372 mpio - ok
14:23:05.0302 4372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:23:05.0302 4372 mpsdrv - ok
14:23:05.0349 4372 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:23:05.0364 4372 MpsSvc - ok
14:23:05.0380 4372 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:23:05.0380 4372 MRxDAV - ok
14:23:05.0411 4372 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:23:05.0411 4372 mrxsmb - ok
14:23:05.0458 4372 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:23:05.0458 4372 mrxsmb10 - ok
14:23:05.0473 4372 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:23:05.0489 4372 mrxsmb20 - ok
14:23:05.0505 4372 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
14:23:05.0505 4372 msahci - ok
14:23:05.0520 4372 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
14:23:05.0520 4372 msdsm - ok
14:23:05.0536 4372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:23:05.0536 4372 MSDTC - ok
14:23:05.0567 4372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:23:05.0567 4372 Msfs - ok
14:23:05.0567 4372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:23:05.0567 4372 mshidkmdf - ok
14:23:05.0583 4372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
14:23:05.0583 4372 msisadrv - ok
14:23:05.0614 4372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:23:05.0614 4372 MSiSCSI - ok
14:23:05.0629 4372 msiserver - ok
14:23:05.0629 4372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:23:05.0629 4372 MSKSSRV - ok
14:23:05.0645 4372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:23:05.0645 4372 MSPCLOCK - ok
14:23:05.0645 4372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:23:05.0645 4372 MSPQM - ok
14:23:05.0661 4372 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:23:05.0661 4372 MsRPC - ok
14:23:05.0676 4372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:23:05.0676 4372 mssmbios - ok
14:23:05.0676 4372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:23:05.0676 4372 MSTEE - ok
14:23:05.0692 4372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:23:05.0692 4372 MTConfig - ok
14:23:05.0707 4372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:23:05.0707 4372 Mup - ok
14:23:05.0801 4372 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
14:23:05.0801 4372 N360 - ok
14:23:05.0848 4372 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
14:23:05.0863 4372 napagent - ok
14:23:05.0895 4372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:23:05.0910 4372 NativeWifiP - ok
14:23:05.0988 4372 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130209.009\ENG64.SYS
14:23:05.0988 4372 NAVENG - ok
14:23:06.0066 4372 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130209.009\EX64.SYS
14:23:06.0082 4372 NAVEX15 - ok
14:23:06.0113 4372 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:23:06.0129 4372 NDIS - ok
14:23:06.0144 4372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:23:06.0144 4372 NdisCap - ok
14:23:06.0160 4372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:23:06.0160 4372 NdisTapi - ok
14:23:06.0191 4372 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:23:06.0191 4372 Ndisuio - ok
14:23:06.0207 4372 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:23:06.0207 4372 NdisWan - ok
14:23:06.0222 4372 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:23:06.0222 4372 NDProxy - ok
14:23:06.0238 4372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:23:06.0253 4372 NetBIOS - ok
14:23:06.0269 4372 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:23:06.0269 4372 NetBT - ok
14:23:06.0269 4372 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
14:23:06.0269 4372 Netlogon - ok
14:23:06.0300 4372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:23:06.0316 4372 Netman - ok
14:23:06.0331 4372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:23:06.0331 4372 netprofm - ok
14:23:06.0378 4372 [ 064AB63C9A588D2611306AE16D017E7E ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
14:23:06.0378 4372 netr28x - ok
14:23:06.0409 4372 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:23:06.0409 4372 NetTcpPortSharing - ok
14:23:06.0441 4372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:23:06.0441 4372 nfrd960 - ok
14:23:06.0456 4372 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:23:06.0456 4372 NlaSvc - ok
14:23:06.0534 4372 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
14:23:06.0565 4372 NOBU - ok
14:23:06.0581 4372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:23:06.0581 4372 Npfs - ok
14:23:06.0597 4372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:23:06.0612 4372 nsi - ok
14:23:06.0612 4372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:23:06.0612 4372 nsiproxy - ok
14:23:06.0675 4372 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:23:06.0721 4372 Ntfs - ok
14:23:06.0737 4372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:23:06.0737 4372 Null - ok
14:23:06.0768 4372 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:23:06.0768 4372 nvraid - ok
14:23:06.0799 4372 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:23:06.0799 4372 nvstor - ok
14:23:06.0815 4372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
14:23:06.0815 4372 nv_agp - ok
14:23:06.0846 4372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:23:06.0846 4372 ohci1394 - ok
14:23:06.0877 4372 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:23:06.0877 4372 ose - ok
14:23:07.0049 4372 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:23:07.0096 4372 osppsvc - ok
14:23:07.0143 4372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:23:07.0143 4372 p2pimsvc - ok
14:23:07.0158 4372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:23:07.0158 4372 p2psvc - ok
14:23:07.0189 4372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:23:07.0189 4372 Parport - ok
14:23:07.0221 4372 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:23:07.0236 4372 partmgr - ok
14:23:07.0252 4372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:23:07.0252 4372 PcaSvc - ok
14:23:07.0283 4372 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
14:23:07.0283 4372 pci - ok
14:23:07.0314 4372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:23:07.0314 4372 pciide - ok
14:23:07.0345 4372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:23:07.0345 4372 pcmcia - ok
14:23:07.0501 4372 [ E6E503845208A148A9E3E7FAA63B97A4 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
14:23:07.0517 4372 PCToolsSSDMonitorSvc - ok
14:23:07.0548 4372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:23:07.0548 4372 pcw - ok
14:23:07.0564 4372 pdfcDispatcher - ok
14:23:07.0595 4372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:23:07.0611 4372 PEAUTH - ok
14:23:07.0689 4372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:23:07.0704 4372 PerfHost - ok
14:23:07.0751 4372 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
14:23:07.0782 4372 pla - ok
14:23:07.0813 4372 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:23:07.0813 4372 PlugPlay - ok
14:23:07.0829 4372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:23:07.0829 4372 PNRPAutoReg - ok
14:23:07.0845 4372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:23:07.0845 4372 PNRPsvc - ok
14:23:07.0876 4372 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:23:07.0876 4372 PolicyAgent - ok
14:23:07.0891 4372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:23:07.0891 4372 Power - ok
14:23:07.0923 4372 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:23:07.0923 4372 PptpMiniport - ok
14:23:07.0938 4372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:23:07.0938 4372 Processor - ok
14:23:07.0969 4372 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
14:23:07.0985 4372 ProfSvc - ok
14:23:08.0001 4372 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:23:08.0001 4372 ProtectedStorage - ok
14:23:08.0016 4372 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:23:08.0016 4372 Psched - ok
14:23:08.0079 4372 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:23:08.0079 4372 PxHlpa64 - ok
14:23:08.0125 4372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:23:08.0157 4372 ql2300 - ok
14:23:08.0172 4372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:23:08.0172 4372 ql40xx - ok
14:23:08.0219 4372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:23:08.0266 4372 QWAVE - ok
14:23:08.0281 4372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:23:08.0281 4372 QWAVEdrv - ok
14:23:08.0344 4372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:23:08.0375 4372 RasAcd - ok
14:23:08.0437 4372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:23:08.0453 4372 RasAgileVpn - ok
14:23:08.0469 4372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:23:08.0469 4372 RasAuto - ok
14:23:08.0484 4372 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:23:08.0484 4372 Rasl2tp - ok
14:23:08.0515 4372 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
14:23:08.0531 4372 RasMan - ok
14:23:08.0547 4372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:23:08.0547 4372 RasPppoe - ok
14:23:08.0578 4372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:23:08.0578 4372 RasSstp - ok
14:23:08.0593 4372 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:23:08.0609 4372 rdbss - ok
14:23:08.0656 4372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:23:08.0656 4372 rdpbus - ok
14:23:08.0687 4372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:23:08.0687 4372 RDPCDD - ok
14:23:08.0703 4372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:23:08.0703 4372 RDPENCDD - ok
14:23:08.0718 4372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:23:08.0718 4372 RDPREFMP - ok
14:23:08.0765 4372 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:23:08.0765 4372 RDPWD - ok
14:23:08.0781 4372 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:23:08.0781 4372 rdyboost - ok
14:23:08.0812 4372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:23:08.0812 4372 RemoteAccess - ok
14:23:08.0843 4372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:23:08.0843 4372 RemoteRegistry - ok
14:23:08.0968 4372 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:23:08.0999 4372 RoxMediaDB10 - ok
14:23:09.0015 4372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:23:09.0015 4372 RpcEptMapper - ok
14:23:09.0015 4372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:23:09.0015 4372 RpcLocator - ok
14:23:09.0030 4372 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
14:23:09.0030 4372 RpcSs - ok
14:23:09.0061 4372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:23:09.0061 4372 rspndr - ok
14:23:09.0093 4372 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:23:09.0093 4372 RTL8167 - ok
14:23:09.0108 4372 RxFilter - ok
14:23:09.0108 4372 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
14:23:09.0108 4372 SamSs - ok
14:23:09.0124 4372 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
14:23:09.0124 4372 sbp2port - ok
14:23:09.0155 4372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:23:09.0155 4372 SCardSvr - ok
14:23:09.0171 4372 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:23:09.0171 4372 scfilter - ok
14:23:09.0217 4372 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
14:23:09.0233 4372 Schedule - ok
14:23:09.0249 4372 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:23:09.0249 4372 SCPolicySvc - ok
14:23:09.0264 4372 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:23:09.0264 4372 SDRSVC - ok
14:23:09.0295 4372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:23:09.0295 4372 secdrv - ok
14:23:09.0311 4372 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
14:23:09.0311 4372 seclogon - ok
14:23:09.0327 4372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:23:09.0327 4372 SENS - ok
14:23:09.0327 4372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:23:09.0342 4372 SensrSvc - ok
14:23:09.0358 4372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:23:09.0358 4372 Serenum - ok
14:23:09.0373 4372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:23:09.0373 4372 Serial - ok
14:23:09.0389 4372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:23:09.0389 4372 sermouse - ok
14:23:09.0405 4372 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
14:23:09.0405 4372 SessionEnv - ok
14:23:09.0420 4372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:23:09.0420 4372 sffdisk - ok
14:23:09.0436 4372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:23:09.0436 4372 sffp_mmc - ok
14:23:09.0436 4372 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:23:09.0436 4372 sffp_sd - ok
14:23:09.0451 4372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:23:09.0451 4372 sfloppy - ok
14:23:09.0483 4372 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
14:23:09.0498 4372 Sftfs - ok
14:23:09.0576 4372 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:23:09.0576 4372 sftlist - ok
14:23:09.0607 4372 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:23:09.0607 4372 Sftplay - ok
14:23:09.0623 4372 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:23:09.0623 4372 Sftredir - ok
14:23:09.0639 4372 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
14:23:09.0639 4372 Sftvol - ok
14:23:09.0654 4372 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:23:09.0654 4372 sftvsa - ok
14:23:09.0701 4372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:23:09.0701 4372 SharedAccess - ok
14:23:09.0748 4372 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:23:09.0748 4372 ShellHWDetection - ok
14:23:09.0763 4372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:23:09.0763 4372 SiSRaid2 - ok
14:23:09.0795 4372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:23:09.0795 4372 SiSRaid4 - ok
14:23:09.0810 4372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:23:09.0810 4372 Smb - ok
14:23:09.0826 4372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:23:09.0841 4372 SNMPTRAP - ok
14:23:09.0841 4372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:23:09.0841 4372 spldr - ok
14:23:09.0873 4372 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
14:23:09.0888 4372 Spooler - ok
14:23:09.0951 4372 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
14:23:09.0982 4372 sppsvc - ok
14:23:09.0997 4372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:23:09.0997 4372 sppuinotify - ok
14:23:10.0060 4372 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
14:23:10.0075 4372 SRTSP - ok
14:23:10.0122 4372 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
14:23:10.0122 4372 SRTSPX - ok
14:23:10.0169 4372 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:23:10.0169 4372 srv - ok
14:23:10.0200 4372 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:23:10.0200 4372 srv2 - ok
14:23:10.0231 4372 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:23:10.0247 4372 srvnet - ok
14:23:10.0278 4372 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
14:23:10.0278 4372 sscdbus - ok
14:23:13.0913 4372 ================ Scan global ===============================
14:23:13.0929 4372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:23:13.0960 4372 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
14:23:13.0960 4372 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
14:23:13.0991 4372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:23:14.0007 4372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:23:14.0022 4372 [Global] - ok
14:23:14.0022 4372 ================ Scan MBR ==================================
14:23:14.0022 4372 [ 6C6FDFF834AA5D876C307BEE53974486 ] \Device\Harddisk0\DR0
14:23:14.0022 4372 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:23:14.0085 4372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:23:14.0085 4372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:23:14.0085 4372 ================ Scan VBR ==================================
14:23:14.0085 4372 [ 7C515AE4B463EE2958ADC19C4F6064C8 ] \Device\Harddisk0\DR0\Partition1
14:23:14.0085 4372 \Device\Harddisk0\DR0\Partition1 - ok
14:23:14.0131 4372 [ 0CC704E8B83EA2A8BFAE49BF82E6DCB4 ] \Device\Harddisk0\DR0\Partition2
14:23:14.0131 4372 \Device\Harddisk0\DR0\Partition2 - ok
14:23:14.0163 4372 [ 076EDD9422ECC01D696B3D626001F0F2 ] \Device\Harddisk0\DR0\Partition3
14:23:14.0178 4372 \Device\Harddisk0\DR0\Partition3 - ok
14:23:14.0178 4372 ============================================================
14:23:14.0178 4372 Scan finished
14:23:14.0178 4372 ============================================================
14:23:14.0194 4140 Detected object count: 1
14:23:14.0194 4140 Actual detected object count: 1
14:23:40.0527 4140 \Device\Harddisk0\DR0\# - copied to quarantine
14:23:40.0527 4140 \Device\Harddisk0\DR0 - copied to quarantine
14:23:40.0573 4140 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:23:40.0573 4140 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:23:40.0917 4140 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:23:41.0026 4140 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:23:41.0057 4140 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:23:41.0088 4140 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:23:41.0166 4140 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:23:41.0244 4140 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:23:41.0400 4140 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:23:41.0447 4140 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:23:41.0712 4140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:23:41.0743 4140 \Device\Harddisk0\DR0 - ok
14:23:44.0473 4140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:24:11.0040 5920 Deinitialize success
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That fixed a very nasty boot/rootkit.
Please run ComboFix again and post its new log. Hopefully it will find & fix any leftovers now.
 

kyledurgan87

Thread Starter
Joined
Feb 9, 2013
Messages
11
ComboFix 13-02-12.01 - Walker 02/12/2013 15:07:19.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4032 [GMT -5:00]
Running from: c:\users\Walker\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
.
.
2013-02-12 20:19 . 2013-02-12 20:19 -------- d-----w- c:\users\Mcx1-WALKER-HP\AppData\Local\temp
2013-02-12 20:19 . 2013-02-12 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-12 19:23 . 2013-02-12 19:23 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iTunes
2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files (x86)\iTunes
2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iPod
2013-01-14 18:59 . 2013-01-14 18:59 -------- d-----w- c:\users\Walker\048298C9A4D3490B9FF9AB023A9238F3.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-19 39408]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-24 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Walker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Elvis Calendar Widget.lnk - c:\program files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe [N/A]
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [2010-12-15 153600]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2009-10-02 187912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130209.002\IDSvia64.sys [2012-12-27 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 43816047
*NewlyCreated* - 92295310
*Deregistered* - 43816047
*Deregistered* - 92295310
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 20:35 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]
.
2013-01-31 c:\windows\Tasks\HPCeeScheduleForWalker.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2013-02-12 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-11 13:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 798216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-43816047.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\SecuROM\License information*]
"datasecu"=hex:ff,62,eb,da,64,59,f3,3f,c9,d1,2a,63,d1,fd,09,82,7e,7c,c6,17,46,
3f,db,af,2f,44,90,9e,23,c1,09,1d,e2,b4,9c,d8,4f,6f,03,92,43,a4,38,d0,3d,0b,\
"rkeysecu"=hex:76,18,61,e7,64,32,a3,b3,91,3b,1d,c5,16,b2,e2,37
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-12 15:32:27
ComboFix-quarantined-files.txt 2013-02-12 20:32
ComboFix2.txt 2013-02-11 21:45
.
Pre-Run: 846,376,960 bytes free
Post-Run: 784,797,696 bytes free
.
- - End Of File - - 9310F8F1C7189C8C077CD641CECFF0B2
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That all looks clear now.

Are you having any problems still?
If it has all cleared up then
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
 

kyledurgan87

Thread Starter
Joined
Feb 9, 2013
Messages
11
I haven't gotten any more blue screens. I uninstalled Combofix and rebooted, and then I ran Secunia, but I'm still losing disk space. Thanks a lot for all of your help so far.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
You never mentioned losing disk space before.
Please give some details.
 

kyledurgan87

Thread Starter
Joined
Feb 9, 2013
Messages
11
Well, I have 1TB of space on my computer, and I think even now I'm down to less than 1GB of space. I'm not sure how quickly it got that low because I don't use that computer very often. I had been getting low disk space warnings, and whenever I did a disk cleanup it didn't seem to do anything. I uninstalled some programs and deleted some files and that would clear it up for a while, but within a day or so it would go back to giving me low disk space warnings. It got so bad that when I would run iTunes, for instance, there wasn't even enough disk space for that.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
OK, let's see what this tells us & clears out.

Download Temp File Cleaner to your desktop.
Open the file and close any other windows.
It will close all programs itself when run; make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

If you are using Vista or Windows 7, then right-click TFC.exe & select Run as Admin to allow it to work.
 

kyledurgan87

Thread Starter
Joined
Feb 9, 2013
Messages
11
I ran the program and rebooted. Did you want me to post a log? If it made one I'm not sure where it is. I still have 977 MB free of 919 GB.
 