
Help Removing svchost.exe trojan agent

Discussion in 'Virus & Other Malware Removal' started by kyledurgan87, Feb 10, 2013.

    kyledurgan87 (Thread Starter; joined Feb 9, 2013; 11 messages)
    Hello, I've been having some problems with my computer lately (BSoD/random crashes; disk space dropping randomly for no reason, and pretty rapidly).
    I've quick-scanned with Malwarebytes (I can post the logs if need be) and there were 2 objects detected called 'windows svchost.exe' trojan agent. After I rebooted with Malwarebytes to remove it, I'm still having the same problems, and the 2 objects still come up when I scan. I'd really appreciate any help with this, so thanks in advance :)

    HijackThis Log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:50:10 PM, on 2/10/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Registry Mechanic\upgrade.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
    C:\Users\Walker\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - Startup: Dropbox.lnk = Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Elvis Calendar Widget.lnk = C:\Program Files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc.. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 13006 bytes

    DDS Logs:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Walker at 20:09:49 on 2013-02-10
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3659 [GMT -5:00]
    .
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    -netsvcs
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Registry Mechanic\upgrade.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Walker\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Walker\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ELVISC~1.LNK - C:\Program Files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe
    StartupFolder: C:\Users\Walker\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2A020CF5-DFEC-4FCE-A7EA-4028697FD5C4} : DHCPNameServer = 68.87.73.246 68.87.71.230
    TCP: Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}\7516C6B6562702E6564777F627B6 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{78B53DDB-3D6B-4D0A-8D83-1DAC44E39C0E} : DHCPNameServer = 69.78.134.231 69.78.80.231
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-1 55856]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-6-11 450680]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-6-11 912504]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130208.004\IDSviA64.sys [2013-2-9 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-6-11 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-6-11 386168]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-26 203264]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-3-10 583640]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-8-26 635416]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-3 138912]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-8-26 852256]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-26 346144]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-8-26 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\System32\drivers\htcusbnet.sys [2011-4-24 153600]
    S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\System32\drivers\MAudioFastTrack.sys [2009-10-2 187912]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-22 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-09 20:57:18 20480 ----a-w- C:\Windows\svchost.exe
    2013-02-02 21:25:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-02-02 21:25:37 -------- d-----w- C:\Program Files\iTunes
    2013-02-02 21:25:37 -------- d-----w- C:\Program Files\iPod
    2013-02-02 21:25:37 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-01-17 07:15:42 -------- d-----w- C:\Users\Walker\AppData\Local\{663B9014-75BE-4843-8E39-AB69F5DA8CF8}
    2013-01-14 18:59:01 -------- d-----w- C:\Users\Walker\048298C9A4D3490B9FF9AB023A9238F3.TMP
    .
    ==================== Find3M ====================
    .
    2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:45:35 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:55:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 05:10:07 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 20:12:02.03 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/20/2010 10:40:15 PM
    System Uptime: 2/10/2013 2:56:12 PM (6 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Phenom(tm) II X4 830 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 919 GiB total, 5.34 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    18 Wheels of Steel - American Long Haul
    18 Wheels of Steel Extreme Trucker
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    ATI Catalyst Install Manager
    Audacity 1.2.6
    Audacity 1.3.12 (Unicode)
    Avid Pro Tools SE 8.0.3
    Bejeweled 2 Deluxe
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Bonjour
    Build-a-lot 2
    Bus Driver
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    CyberLink DVD Suite Deluxe
    D3DX10
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    DivX Setup
    Dora's Carnival Adventure
    Driver Whiz
    Dropbox
    DVD Decrypter (Remove Only)
    DVD Menu Pack for HP MediaSmart Video
    Eighteen Wheels of Steel Haulin'
    EMC 10 Content
    EMCGadgets64
    Escape Rosecliff Island
    Family Feud 3
    FATE
    ffdshow [rev 2527] [2008-12-19]
    Final Drive Nitro
    FreeKapture 2.00 - Freeware
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    Interlok driver setup x64
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LAME v3.98.3 for Audacity
    Lemonade Tycoon 2
    LightScribe System Software
    LimeWire 5.5.16
    M-Audio FastTrack Driver 6.0.2 (x64)
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Security Scan Plus
    MCEBrowser
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nate's Kentucky Rook 2.0.0
    Norton 360
    Norton Online Backup
    Origin
    Oval Office
    PDF Complete Special Edition
    Penguins!
    PhotoNow!
    Picasa 3
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    QuickTime
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Recovery Manager
    Registry Mechanic 10.0
    Registry Reviver
    Romopolis
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio CinemaNow 2.0
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio File Backup
    Roxio PhotoShow
    Roxio Update Manager
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Shutter Island
    Sonic CinePlayer Decoder Pack
    SoulSeek 157 NS 13e
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Generations
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 Late Night
    The Sims™ 3 Outdoor Living Stuff
    The Sims™ 3 Pets
    The Sims™ 3 Seasons
    The Sims™ 3 Showtime
    The Sims™ 3 World Adventures
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    VC80CRTRedist - 8.0.50727.6195
    VD64Inst
    Virtual Families
    Virtual Villagers - The Secret City
    Watchtower Library 2009 - English
    Watchtower Library 2010 - English
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    WModem Driver Installer
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2013 6:13:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c5ef95, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\Minidump\020913-39499-01.dmp. Report Id: 020913-39499-01.
    2/9/2013 4:13:39 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Walker-HP\Walker SID (S-1-5-21-2394937029-579550273-2574859083-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/9/2013 12:34:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    2/9/2013 12:32:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    2/9/2013 12:32:40 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/9/2013 12:31:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    2/9/2013 12:31:34 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/9/2013 12:27:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fbd3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020913-37206-01.dmp. Report Id: 020913-37206-01.
    2/9/2013 10:06:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c9ef95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020913-36067-01.
    2/3/2013 9:06:07 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c51f95). A dump was saved in: C:\Windows\Minidump\020313-31839-01.dmp. Report Id: 020313-31839-01.
    2/3/2013 7:59:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f683fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020313-35381-01.dmp. Report Id: 020313-35381-01.
    2/3/2013 6:52:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fb63fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020313-60793-01.dmp. Report Id: 020313-60793-01.
    2/3/2013 5:33:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f6f3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\020313-37955-01.dmp. Report Id: 020313-37955-01.
    2/3/2013 10:12:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000020e00000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002c8463f). A dump was saved in: C:\Windows\Minidump\020313-30279-01.dmp. Report Id: 020313-30279-01.
    2/10/2013 7:00:53 AM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/10/2013 6:33:38 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    2/10/2013 6:33:38 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    2/10/2013 6:33:38 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    2/10/2013 6:27:51 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    2/10/2013 6:27:08 AM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
    2/10/2013 3:08:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
    2/10/2013 3:08:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
    2/10/2013 2:57:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    2/10/2013 2:56:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c59703, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\Minidump\021013-41075-01.dmp. Report Id: 021013-41075-01.
    2/10/2013 2:56:37 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2/10/2013 2:17:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c5cf95). A dump was saved in: C:\Windows\Minidump\021013-53991-01.dmp. Report Id: 021013-53991-01.
    2/10/2013 12:17:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/10/2013 12:09:10 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    .
    ==== End Of File ===========================

    GMER Log:
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-10 22:55:42
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000064 Hitachi_ rev.JP4O 931.51GB
    Running: veqdg562.exe; Driver: C:\Users\Walker\AppData\Local\Temp\ufdcypoc.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\kernel32.dll!WriteFile 00000000765c1262 5 bytes JMP 000000010011000a
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076f10e0d 5 bytes JMP 0000000100a2000a
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\USER32.dll!WindowFromPoint 0000000076f12ddb 5 bytes JMP 0000000100a3000a
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\USER32.dll!GetForegroundWindow 0000000076f136c0 5 bytes JMP 0000000100a4000a
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ce590c 5 bytes JMP 00000001001d000a
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text \\.\globalroot\systemroot\svchost.exe[3784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe[4376] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
    ---- Devices - GMER 2.0 ----
    Device \Driver\amdsata \Device\00000064 fffffa80068725c4
    ---- Trace I/O - GMER 2.0 ----
    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys >>UNKNOWN [0xfffffa80068725c4]<< fffffa80068725c4
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f33790] fffffa8005f33790
    Trace 3 CLASSPNP.SYS[fffff88001a9243f] -> nt!IofCallDriver -> [0xfffffa8004f23040] fffffa8004f23040
    Trace 5 amdxata.sys[fffff880011057a8] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8005dd99c0] fffffa8005dd99c0
    Trace \Driver\amdsata[0xfffffa800686e230] -> IRP_MJ_CREATE -> 0xfffffa80068725c4 fffffa80068725c4
    ---- Threads - GMER 2.0 ----
    Thread C:\Windows\SysWOW64\ntdll.dll [1804:1808] 000000000041009c
    Thread C:\Windows\SysWOW64\ntdll.dll [1804:2696] 00000000608ae21c
    Thread C:\Windows\SysWOW64\ntdll.dll [1804:2796] 000000006be03bf2
    Thread C:\Windows\SysWOW64\ntdll.dll [1804:2808] 00000000723f7019
    Thread C:\Windows\SysWOW64\ntdll.dll [1804:4868] 0000000070de1854
    Thread \\.\globalroot\systemroot\svchost.exe [3784:4188] 0000000000012947
    Thread \\.\globalroot\systemroot\svchost.exe [3784:4196] 0000000000012bc7
    ---- Processes - GMER 2.0 ----
    Library \\.\globalroot\systemroot\svchost.exe (*** suspicious ***) @ \\.\globalroot\systemroot\svchost.exe [3784] 0000000000c30000
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 unknown MBR code
    ---- EOF - GMER 2.0 ----
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted).

    Post the log in next reply please...
     
  3. kyledurgan87

    kyledurgan87 Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    11
    Hey, thanks a lot for your help and such a quick reply! I disabled the Windows firewall in Control Panel, and within the last couple of days my Norton subscription ran out. I couldn't think of anything else I would need to disable on my computer, but let me know if I'm wrong. When I ran combofix and it was scanning, it was in stage 4 I'm pretty sure, I got a BSoD. My computer restarted and is running ok, but I'm not really sure how to proceed now. Thanks again
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    run Combofix again please
     
  5. kyledurgan87

    kyledurgan87 Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    11
    Ok it worked after a couple of tries, thanks


    ComboFix 13-02-07.02 - Walker 02/11/2013 16:16:53.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4203 [GMT -5:00]
    Running from: c:\users\Walker\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Public\Documents\~WRL3865.tmp
    c:\users\Walker\Documents\~WRL0442.tmp
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-11 21:31 . 2013-02-11 21:31 -------- d-----w- c:\users\Mcx1-WALKER-HP\AppData\Local\temp
    2013-02-11 21:31 . 2013-02-11 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iTunes
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files (x86)\iTunes
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iPod
    2013-01-14 18:59 . 2013-01-14 18:59 -------- d-----w- c:\users\Walker\048298C9A4D3490B9FF9AB023A9238F3.TMP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 16:52 . 2012-12-21 08:08 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-21 08:08 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 08:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 08:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 21:49 . 2012-02-07 02:08 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 05:41 . 2013-01-09 08:12 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 05:35 . 2013-01-09 08:12 2745856 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 05:04 . 2013-01-09 08:12 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 04:57 . 2013-01-09 08:12 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 03:45 . 2013-01-09 08:12 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 03:45 . 2013-01-09 08:12 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 03:45 . 2013-01-09 08:12 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 03:45 . 2013-01-09 08:12 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 03:45 . 2013-01-09 08:12 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 03:45 . 2013-01-09 08:12 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 03:45 . 2013-01-09 08:12 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 03:45 . 2013-01-09 08:12 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 03:45 . 2013-01-09 08:12 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 03:45 . 2013-01-09 08:12 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 03:45 . 2013-01-09 08:12 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 03:45 . 2013-01-09 08:12 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 03:45 . 2013-01-09 08:12 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 03:45 . 2013-01-09 08:12 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 03:21 . 2013-01-09 08:12 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 03:21 . 2013-01-09 08:12 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 03:21 . 2013-01-09 08:12 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 03:21 . 2013-01-09 08:12 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 03:21 . 2013-01-09 08:12 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 03:21 . 2013-01-09 08:12 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 03:21 . 2013-01-09 08:12 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 03:21 . 2013-01-09 08:12 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 03:21 . 2013-01-09 08:12 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 03:21 . 2013-01-09 08:12 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-11-30 05:50 . 2013-01-09 08:12 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:50 . 2013-01-09 08:12 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:50 . 2013-01-09 08:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:49 . 2013-01-09 08:12 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 05:46 . 2013-01-09 08:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:43 . 2013-01-09 08:12 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:43 . 2013-01-09 08:12 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 05:06 . 2013-01-09 08:12 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-11-30 05:06 . 2013-01-09 08:12 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:56 . 2013-01-09 08:12 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-30 03:33 . 2013-01-09 08:12 338432 ----a-w- c:\windows\system32\conhost.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]

    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-19 39408]

    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]

    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

    "DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-24 77824]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

    .

    c:\users\Walker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]

    Elvis Calendar Widget.lnk - c:\program files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe [N/A]

    LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

    R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [2010-12-15 153600]

    R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2009-10-02 187912]

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1255736]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]

    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130209.002\IDSvia64.sys [2012-12-27 513184]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]

    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]

    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]

    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-02-02 20:35 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]

    .

    2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]

    .

    2013-01-31 c:\windows\Tasks\HPCeeScheduleForWalker.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

    .

    2013-02-11 c:\windows\Tasks\RMSchedule.job

    - c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-11 13:46]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

    "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 798216]

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uLocal Page = c:\windows\system32\blank.htm

    uDefault_Search_URL = hxxp://www.google.com/ie

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

    Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

    --

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="WindowsLiveMail.Email.1"

    .

    [HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="WindowsLiveMail.VCard.1"

    .

    [HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\SecuROM\License information*]

    "datasecu"=hex:ff,62,eb,da,64,59,f3,3f,c9,d1,2a,63,d1,fd,09,82,7e,7c,c6,17,46,

    3f,db,af,2f,44,90,9e,23,c1,09,1d,e2,b4,9c,d8,4f,6f,03,92,43,a4,38,d0,3d,0b,\

    "rkeysecu"=hex:76,18,61,e7,64,32,a3,b3,91,3b,1d,c5,16,b2,e2,37

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-02-11 16:45:14

    ComboFix-quarantined-files.txt 2013-02-11 21:45

    .

    Pre-Run: 1,106,939,904 bytes free

    Post-Run: 963,457,024 bytes free

    .

    - - End Of File - - D3DB999D23F1CC582D8E79A877AD35AA
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
Next

    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot.

    Post back with its log.

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  7. kyledurgan87

    kyledurgan87 Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    11
    14:22:37.0970 5460 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    14:22:38.0314 5460 ============================================================
    14:22:38.0314 5460 Current date / time: 2013/02/12 14:22:38.0314
    14:22:38.0314 5460 SystemInfo:
    14:22:38.0314 5460
    14:22:38.0314 5460 OS Version: 6.1.7600 ServicePack: 0.0
    14:22:38.0314 5460 Product type: Workstation
    14:22:38.0314 5460 ComputerName: WALKER-HP
    14:22:38.0314 5460 UserName: Walker
    14:22:38.0314 5460 Windows directory: C:\Windows
    14:22:38.0314 5460 System windows directory: C:\Windows
    14:22:38.0314 5460 Running under WOW64
    14:22:38.0314 5460 Processor architecture: Intel x64
    14:22:38.0314 5460 Number of processors: 4
    14:22:38.0314 5460 Page size: 0x1000
    14:22:38.0314 5460 Boot type: Normal boot
    14:22:38.0314 5460 ============================================================
    14:22:42.0136 5460 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:22:42.0167 5460 ============================================================
    14:22:42.0167 5460 \Device\Harddisk0\DR0:
    14:22:42.0167 5460 MBR partitions:
    14:22:42.0167 5460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    14:22:42.0167 5460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72EAB000
    14:22:42.0167 5460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72EDD800, BlocksNum 0x1828800
    14:22:42.0167 5460 ============================================================
    14:22:42.0182 5460 C: <-> \Device\Harddisk0\DR0\Partition2
    14:22:42.0229 5460 D: <-> \Device\Harddisk0\DR0\Partition3
    14:22:42.0229 5460 ============================================================
    14:22:42.0229 5460 Initialize success
    14:22:42.0229 5460 ============================================================
    14:22:56.0035 4372 ============================================================
    14:22:56.0035 4372 Scan started
    14:22:56.0035 4372 Mode: Manual;
    14:22:56.0035 4372 ============================================================
    14:22:58.0235 4372 ================ Scan system memory ========================
    14:22:58.0235 4372 System memory - ok
    14:22:58.0235 4372 ================ Scan services =============================
    14:22:58.0391 4372 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    14:22:58.0391 4372 1394ohci - ok
    14:22:58.0422 4372 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    14:22:58.0422 4372 ACPI - ok
    14:22:58.0438 4372 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    14:22:58.0438 4372 AcpiPmi - ok
    14:22:58.0469 4372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    14:22:58.0469 4372 adp94xx - ok
    14:22:58.0484 4372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    14:22:58.0500 4372 adpahci - ok
    14:22:58.0500 4372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    14:22:58.0500 4372 adpu320 - ok
    14:22:58.0531 4372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    14:22:58.0531 4372 AeLookupSvc - ok
    14:22:58.0578 4372 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
    14:22:58.0578 4372 AFD - ok
    14:22:58.0640 4372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    14:22:58.0640 4372 agp440 - ok
    14:22:58.0656 4372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    14:22:58.0656 4372 ALG - ok
    14:22:58.0672 4372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    14:22:58.0672 4372 aliide - ok
    14:22:58.0703 4372 [ CA0D6C1390F4B3BAF2A0A69D1A7F8332 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    14:22:58.0703 4372 AMD External Events Utility - ok
    14:22:58.0718 4372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    14:22:58.0718 4372 amdide - ok
    14:22:58.0734 4372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    14:22:58.0734 4372 AmdK8 - ok
    14:22:58.0859 4372 [ 75E4BACA583AE02C11E9AC8747E2ABE0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    14:22:58.0952 4372 amdkmdag - ok
    14:22:58.0968 4372 [ B765CF4B32F347BE747B21AE22641025 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    14:22:58.0968 4372 amdkmdap - ok
    14:22:58.0999 4372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    14:22:58.0999 4372 AmdPPM - ok
    14:22:59.0015 4372 [ F747497A0EE5498F79B207F215B3D2D8 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    14:22:59.0030 4372 amdsata - ok
    14:22:59.0046 4372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    14:22:59.0062 4372 amdsbs - ok
    14:22:59.0077 4372 [ 2946D695E158615BAAA16248E63C7ADB ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    14:22:59.0077 4372 amdxata - ok
    14:22:59.0093 4372 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    14:22:59.0108 4372 AppID - ok
    14:22:59.0124 4372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    14:22:59.0124 4372 AppIDSvc - ok
    14:22:59.0140 4372 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    14:22:59.0140 4372 Appinfo - ok
    14:22:59.0249 4372 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    14:22:59.0249 4372 Apple Mobile Device - ok
    14:22:59.0280 4372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    14:22:59.0280 4372 arc - ok
    14:22:59.0296 4372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    14:22:59.0296 4372 arcsas - ok
    14:22:59.0327 4372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    14:22:59.0327 4372 AsyncMac - ok
    14:22:59.0342 4372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    14:22:59.0358 4372 atapi - ok
    14:22:59.0389 4372 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
    14:22:59.0389 4372 AtiPcie - ok
    14:22:59.0420 4372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    14:22:59.0436 4372 AudioEndpointBuilder - ok
    14:22:59.0452 4372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    14:22:59.0467 4372 AudioSrv - ok
    14:22:59.0467 4372 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    14:22:59.0467 4372 AxInstSV - ok
    14:22:59.0483 4372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    14:22:59.0498 4372 b06bdrv - ok
    14:22:59.0530 4372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:22:59.0530 4372 b57nd60a - ok
    14:22:59.0545 4372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    14:22:59.0545 4372 BDESVC - ok
    14:22:59.0561 4372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    14:22:59.0561 4372 Beep - ok
    14:22:59.0608 4372 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    14:22:59.0623 4372 BFE - ok
    14:22:59.0826 4372 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
    14:22:59.0842 4372 BHDrvx64 - ok
    14:22:59.0873 4372 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
    14:22:59.0888 4372 BITS - ok
    14:22:59.0904 4372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    14:22:59.0904 4372 blbdrive - ok
    14:22:59.0982 4372 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    14:22:59.0998 4372 Bonjour Service - ok
    14:23:00.0029 4372 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    14:23:00.0044 4372 bowser - ok
    14:23:00.0060 4372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:23:00.0076 4372 BrFiltLo - ok
    14:23:00.0091 4372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:23:00.0091 4372 BrFiltUp - ok
    14:23:00.0122 4372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    14:23:00.0122 4372 BridgeMP - ok
    14:23:00.0154 4372 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
    14:23:00.0169 4372 Browser - ok
    14:23:00.0200 4372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    14:23:00.0200 4372 Brserid - ok
    14:23:00.0216 4372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    14:23:00.0232 4372 BrSerWdm - ok
    14:23:00.0247 4372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:23:09.0327 4372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    14:23:09.0342 4372 SensrSvc - ok
    14:23:09.0358 4372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    14:23:09.0358 4372 Serenum - ok
    14:23:09.0373 4372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    14:23:09.0373 4372 Serial - ok
    14:23:09.0389 4372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    14:23:09.0389 4372 sermouse - ok
    14:23:09.0405 4372 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    14:23:09.0405 4372 SessionEnv - ok
    14:23:09.0420 4372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    14:23:09.0420 4372 sffdisk - ok
    14:23:09.0436 4372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    14:23:09.0436 4372 sffp_mmc - ok
    14:23:09.0436 4372 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    14:23:09.0436 4372 sffp_sd - ok
    14:23:09.0451 4372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    14:23:09.0451 4372 sfloppy - ok
    14:23:09.0483 4372 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    14:23:09.0498 4372 Sftfs - ok
    14:23:09.0576 4372 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    14:23:09.0576 4372 sftlist - ok
    14:23:09.0607 4372 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    14:23:09.0607 4372 Sftplay - ok
    14:23:09.0623 4372 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    14:23:09.0623 4372 Sftredir - ok
    14:23:09.0639 4372 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    14:23:09.0639 4372 Sftvol - ok
    14:23:09.0654 4372 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    14:23:09.0654 4372 sftvsa - ok
    14:23:09.0701 4372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    14:23:09.0701 4372 SharedAccess - ok
    14:23:09.0748 4372 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    14:23:09.0748 4372 ShellHWDetection - ok
    14:23:09.0763 4372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    14:23:09.0763 4372 SiSRaid2 - ok
    14:23:09.0795 4372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    14:23:09.0795 4372 SiSRaid4 - ok
    14:23:09.0810 4372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    14:23:09.0810 4372 Smb - ok
    14:23:09.0826 4372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    14:23:09.0841 4372 SNMPTRAP - ok
    14:23:09.0841 4372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    14:23:09.0841 4372 spldr - ok
    14:23:09.0873 4372 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
    14:23:09.0888 4372 Spooler - ok
    14:23:09.0951 4372 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    14:23:09.0982 4372 sppsvc - ok
    14:23:09.0997 4372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    14:23:09.0997 4372 sppuinotify - ok
    14:23:10.0060 4372 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
    14:23:10.0075 4372 SRTSP - ok
    14:23:10.0122 4372 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
    14:23:10.0122 4372 SRTSPX - ok
    14:23:10.0169 4372 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
    14:23:10.0169 4372 srv - ok
    14:23:10.0200 4372 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    14:23:10.0200 4372 srv2 - ok
    14:23:10.0231 4372 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    14:23:10.0247 4372 srvnet - ok
    14:23:10.0278 4372 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
    14:23:10.0278 4372 sscdbus - ok
    14:23:10.0356 4372 [ 5447690D2CFE1BDE1BE3A5A5A3E2F796 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
    14:23:10.0356 4372 sscdmdfl - ok
    14:23:10.0372 4372 [ BFDA292053AEB76A0C1D63B2279D5138 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
    14:23:10.0387 4372 sscdmdm - ok
    14:23:10.0403 4372 [ 208731A751357DD71C5A0345C77AFD0A ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
    14:23:10.0403 4372 sscdserd - ok
    14:23:10.0450 4372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    14:23:10.0450 4372 SSDPSRV - ok
    14:23:10.0465 4372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    14:23:10.0481 4372 SstpSvc - ok
    14:23:10.0497 4372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    14:23:10.0512 4372 stexstor - ok
    14:23:10.0543 4372 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    14:23:10.0559 4372 stisvc - ok
    14:23:10.0621 4372 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    14:23:10.0621 4372 stllssvr - ok
    14:23:10.0653 4372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    14:23:10.0653 4372 swenum - ok
    14:23:10.0684 4372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    14:23:10.0699 4372 swprv - ok
    14:23:10.0746 4372 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
    14:23:10.0746 4372 SymDS - ok
    14:23:10.0777 4372 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
    14:23:10.0793 4372 SymEFA - ok
    14:23:10.0840 4372 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    14:23:10.0840 4372 SymEvent - ok
    14:23:10.0871 4372 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
    14:23:10.0871 4372 SymIRON - ok
    14:23:10.0902 4372 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
    14:23:10.0918 4372 SymNetS - ok
    14:23:10.0980 4372 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    14:23:11.0011 4372 SysMain - ok
    14:23:11.0011 4372 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    14:23:11.0027 4372 TabletInputService - ok
    14:23:11.0027 4372 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    14:23:11.0043 4372 TapiSrv - ok
    14:23:11.0043 4372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    14:23:11.0043 4372 TBS - ok
    14:23:11.0121 4372 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    14:23:11.0152 4372 Tcpip - ok
    14:23:11.0183 4372 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    14:23:11.0199 4372 TCPIP6 - ok
    14:23:11.0214 4372 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    14:23:11.0214 4372 tcpipreg - ok
    14:23:11.0245 4372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    14:23:11.0245 4372 TDPIPE - ok
    14:23:11.0277 4372 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    14:23:11.0277 4372 TDTCP - ok
    14:23:11.0292 4372 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    14:23:11.0292 4372 tdx - ok
    14:23:11.0323 4372 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    14:23:11.0323 4372 TermDD - ok
    14:23:11.0355 4372 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    14:23:11.0355 4372 TermService - ok
    14:23:11.0370 4372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    14:23:11.0370 4372 Themes - ok
    14:23:11.0386 4372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    14:23:11.0386 4372 THREADORDER - ok
    14:23:11.0448 4372 [ C676B0F52F2B6483AFB88F79CABB011E ] Tpkd C:\Windows\system32\drivers\Tpkd.sys
    14:23:11.0448 4372 Tpkd - ok
    14:23:11.0464 4372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    14:23:11.0464 4372 TrkWks - ok
    14:23:11.0526 4372 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    14:23:11.0526 4372 TrustedInstaller - ok
    14:23:11.0542 4372 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:23:11.0542 4372 tssecsrv - ok
    14:23:11.0573 4372 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    14:23:11.0573 4372 tunnel - ok
    14:23:11.0604 4372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    14:23:11.0604 4372 uagp35 - ok
    14:23:11.0635 4372 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    14:23:11.0635 4372 udfs - ok
    14:23:11.0667 4372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    14:23:11.0682 4372 UI0Detect - ok
    14:23:11.0698 4372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    14:23:11.0698 4372 uliagpkx - ok
    14:23:11.0729 4372 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    14:23:11.0729 4372 umbus - ok
    14:23:11.0745 4372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    14:23:11.0745 4372 UmPass - ok
    14:23:11.0760 4372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    14:23:11.0760 4372 upnphost - ok
    14:23:11.0791 4372 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    14:23:11.0791 4372 USBAAPL64 - ok
    14:23:11.0823 4372 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    14:23:11.0823 4372 usbccgp - ok
    14:23:11.0854 4372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    14:23:11.0854 4372 usbcir - ok
    14:23:11.0885 4372 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    14:23:11.0901 4372 usbehci - ok
    14:23:11.0932 4372 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    14:23:11.0932 4372 usbfilter - ok
    14:23:11.0947 4372 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    14:23:11.0963 4372 usbhub - ok
    14:23:11.0979 4372 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    14:23:11.0979 4372 usbohci - ok
    14:23:11.0994 4372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    14:23:11.0994 4372 usbprint - ok
    14:23:12.0041 4372 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    14:23:12.0041 4372 usbscan - ok
    14:23:12.0057 4372 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:23:12.0072 4372 USBSTOR - ok
    14:23:12.0103 4372 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    14:23:12.0103 4372 usbuhci - ok
    14:23:12.0119 4372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    14:23:12.0135 4372 UxSms - ok
    14:23:12.0135 4372 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
    14:23:12.0135 4372 VaultSvc - ok
    14:23:12.0181 4372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    14:23:12.0181 4372 vdrvroot - ok
    14:23:12.0197 4372 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    14:23:12.0213 4372 vds - ok
    14:23:12.0228 4372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    14:23:12.0228 4372 vga - ok
    14:23:12.0259 4372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    14:23:12.0259 4372 VgaSave - ok
    14:23:12.0275 4372 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    14:23:12.0291 4372 vhdmp - ok
    14:23:12.0306 4372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    14:23:12.0306 4372 viaide - ok
    14:23:12.0337 4372 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    14:23:12.0337 4372 volmgr - ok
    14:23:12.0353 4372 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    14:23:12.0353 4372 volmgrx - ok
    14:23:12.0384 4372 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    14:23:12.0384 4372 volsnap - ok
    14:23:12.0415 4372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    14:23:12.0431 4372 vsmraid - ok
    14:23:12.0462 4372 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    14:23:12.0478 4372 VSS - ok
    14:23:12.0493 4372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    14:23:12.0493 4372 vwifibus - ok
    14:23:12.0509 4372 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    14:23:12.0525 4372 vwififlt - ok
    14:23:12.0540 4372 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    14:23:12.0540 4372 vwifimp - ok
    14:23:12.0556 4372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    14:23:12.0556 4372 W32Time - ok
    14:23:12.0571 4372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    14:23:12.0571 4372 WacomPen - ok
    14:23:12.0618 4372 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    14:23:12.0618 4372 WANARP - ok
    14:23:12.0618 4372 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    14:23:12.0618 4372 Wanarpv6 - ok
    14:23:12.0665 4372 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    14:23:12.0681 4372 WatAdminSvc - ok
    14:23:12.0743 4372 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    14:23:12.0759 4372 wbengine - ok
    14:23:12.0774 4372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    14:23:12.0774 4372 WbioSrvc - ok
    14:23:12.0821 4372 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    14:23:12.0821 4372 wcncsvc - ok
    14:23:12.0837 4372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    14:23:12.0852 4372 WcsPlugInService - ok
    14:23:12.0868 4372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    14:23:12.0868 4372 Wd - ok
    14:23:12.0915 4372 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    14:23:12.0915 4372 Wdf01000 - ok
    14:23:12.0930 4372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    14:23:12.0946 4372 WdiServiceHost - ok
    14:23:12.0946 4372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    14:23:12.0946 4372 WdiSystemHost - ok
    14:23:12.0977 4372 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
    14:23:12.0977 4372 WebClient - ok
    14:23:13.0008 4372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    14:23:13.0008 4372 Wecsvc - ok
    14:23:13.0024 4372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    14:23:13.0024 4372 wercplsupport - ok
    14:23:13.0039 4372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    14:23:13.0039 4372 WerSvc - ok
    14:23:13.0055 4372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    14:23:13.0055 4372 WfpLwf - ok
    14:23:13.0071 4372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    14:23:13.0071 4372 WIMMount - ok
    14:23:13.0071 4372 WinDefend - ok
    14:23:13.0071 4372 WinHttpAutoProxySvc - ok
    14:23:13.0117 4372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    14:23:13.0117 4372 Winmgmt - ok
    14:23:13.0180 4372 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    14:23:13.0211 4372 WinRM - ok
    14:23:13.0242 4372 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    14:23:13.0242 4372 WinUsb - ok
    14:23:13.0258 4372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    14:23:13.0273 4372 Wlansvc - ok
    14:23:13.0398 4372 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    14:23:13.0461 4372 wlidsvc - ok
    14:23:13.0476 4372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    14:23:13.0476 4372 WmiAcpi - ok
    14:23:13.0492 4372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    14:23:13.0492 4372 wmiApSrv - ok
    14:23:13.0523 4372 WMPNetworkSvc - ok
    14:23:13.0554 4372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    14:23:13.0554 4372 WPCSvc - ok
    14:23:13.0570 4372 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    14:23:13.0585 4372 WPDBusEnum - ok
    14:23:13.0601 4372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    14:23:13.0601 4372 ws2ifsl - ok
    14:23:13.0632 4372 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
    14:23:13.0632 4372 wscsvc - ok
    14:23:13.0648 4372 WSearch - ok
    14:23:13.0726 4372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    14:23:13.0757 4372 wuauserv - ok
    14:23:13.0773 4372 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    14:23:13.0788 4372 WudfPf - ok
    14:23:13.0804 4372 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:23:13.0804 4372 WUDFRd - ok
    14:23:13.0835 4372 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    14:23:13.0835 4372 wudfsvc - ok
    14:23:13.0866 4372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    14:23:13.0882 4372 WwanSvc - ok
    14:23:13.0913 4372 ================ Scan global ===============================
    14:23:13.0929 4372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    14:23:13.0960 4372 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
    14:23:13.0960 4372 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
    14:23:13.0991 4372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    14:23:14.0007 4372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    14:23:14.0022 4372 [Global] - ok
    14:23:14.0022 4372 ================ Scan MBR ==================================
    14:23:14.0022 4372 [ 6C6FDFF834AA5D876C307BEE53974486 ] \Device\Harddisk0\DR0
    14:23:14.0022 4372 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    14:23:14.0085 4372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    14:23:14.0085 4372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    14:23:14.0085 4372 ================ Scan VBR ==================================
    14:23:14.0085 4372 [ 7C515AE4B463EE2958ADC19C4F6064C8 ] \Device\Harddisk0\DR0\Partition1
    14:23:14.0085 4372 \Device\Harddisk0\DR0\Partition1 - ok
    14:23:14.0131 4372 [ 0CC704E8B83EA2A8BFAE49BF82E6DCB4 ] \Device\Harddisk0\DR0\Partition2
    14:23:14.0131 4372 \Device\Harddisk0\DR0\Partition2 - ok
    14:23:14.0163 4372 [ 076EDD9422ECC01D696B3D626001F0F2 ] \Device\Harddisk0\DR0\Partition3
    14:23:14.0178 4372 \Device\Harddisk0\DR0\Partition3 - ok
    14:23:14.0178 4372 ============================================================
    14:23:14.0178 4372 Scan finished
    14:23:14.0178 4372 ============================================================
    14:23:14.0194 4140 Detected object count: 1
    14:23:14.0194 4140 Actual detected object count: 1
    14:23:40.0527 4140 \Device\Harddisk0\DR0\# - copied to quarantine
    14:23:40.0527 4140 \Device\Harddisk0\DR0 - copied to quarantine
    14:23:40.0573 4140 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    14:23:40.0573 4140 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    14:23:40.0917 4140 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    14:23:41.0026 4140 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    14:23:41.0057 4140 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    14:23:41.0088 4140 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    14:23:41.0166 4140 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    14:23:41.0244 4140 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    14:23:41.0400 4140 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    14:23:41.0447 4140 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    14:23:41.0712 4140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    14:23:41.0743 4140 \Device\Harddisk0\DR0 - ok
    14:23:44.0473 4140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    14:24:11.0040 5920 Deinitialize success
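When you have to read several of these TDSSKiller logs in a row, the part that matters is buried near the bottom: the forged MBR, the detection name, what went to quarantine (including the files pulled out of the hidden TDLFS file system) and whether the cure is still pending a reboot. The script below is an added example of mine, not TDSSKiller's own code and not something from this thread. The line shapes it recognises are taken from the log above; anything else is ignored. SAMPLE_LOG is a short excerpt of the posted log. One heuristic is my own and not a TDSSKiller verdict: entries reported "- ok" with no file hash printed beside them (RxFilter, WinDefend and a few others above) are listed separately so a responder can look at them by hand.

```python
"""Triage a TDSSKiller-style log: pull out detections, quarantine actions and pending cures.
Added example; line formats inferred from the log posted in this thread."""
import re
from dataclasses import dataclass, field

_TS = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
_HASHED = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
_PATH_START = re.compile(r"^(?:[A-Za-z]:\\|\\)")
_VERDICT = re.compile(r"^(?P<obj>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
_SUSPICIOUS = re.compile(r"^Suspicious (?P<what>\S+) \((?P<reason>[^)]+)\): (?P<obj>\S+)$")
_QUARANTINE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")
_OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class ScanReport:
    hashed: dict = field(default_factory=dict)        # service name or object path -> (md5, path)
    ok_without_hash: list = field(default_factory=list)  # "- ok" entries with no hash line (my heuristic)
    suspicious: list = field(default_factory=list)    # (what, reason, object)
    detections: list = field(default_factory=list)    # (object, verdict, action)
    quarantined: list = field(default_factory=list)
    pending_cure: set = field(default_factory=set)


def _split_name_path(rest):
    """'RasMan C:\\...\\rasmans.dll' -> ('RasMan', path); a bare path -> (None, path)."""
    if _PATH_START.match(rest):
        return None, rest
    name, _, path = rest.partition(" ")
    if path and _PATH_START.match(path):
        return name, path
    return None, rest


def parse_tdsskiller(text):
    rep = ScanReport()
    for raw in text.splitlines():
        m = _TS.match(raw.strip())
        if not m:
            continue                      # section banners, counters, blank lines
        line = m.group("rest")
        if (h := _HASHED.match(line)):
            name, path = _split_name_path(h.group("rest"))
            rep.hashed[name or path] = (h.group("md5").upper(), path)
        elif (v := _VERDICT.match(line)):
            obj, verdict, action = v.group("obj", "verdict", "action")
            rep.detections.append((obj, verdict, action))
            if "cured on reboot" in action:
                rep.pending_cure.add(obj)
        elif (s := _SUSPICIOUS.match(line)):
            rep.suspicious.append(s.group("what", "reason", "obj"))
        elif (q := _QUARANTINE.match(line)):
            rep.quarantined.append(q.group("obj"))
        elif (o := _OK.match(line)):
            name = o.group("name")
            if name not in rep.hashed and not name.startswith("["):
                rep.ok_without_hash.append(name)
    return rep


def triage(rep):
    """Condense a ScanReport into the fields a responder acts on."""
    return {
        "infected_objects": sorted({obj for obj, _, _ in rep.detections}),
        "verdicts": sorted({verdict for _, verdict, _ in rep.detections}),
        "suspicious": rep.suspicious,
        "cure_pending_reboot": sorted(rep.pending_cure),
        "quarantined_count": len(rep.quarantined),
        "hidden_fs_files": [q for q in rep.quarantined if "\\TDLFS\\" in q],
        "ok_without_hash": rep.ok_without_hash,
        "clean": not rep.detections and not rep.suspicious,
    }


# Excerpt of the TDSSKiller log posted above, used here as sample input.
SAMPLE_LOG = r"""
14:23:08.0515 4372 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
14:23:08.0531 4372 RasMan - ok
14:23:08.0968 4372 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:23:08.0999 4372 RoxMediaDB10 - ok
14:23:09.0108 4372 RxFilter - ok
14:23:13.0071 4372 WinDefend - ok
14:23:14.0022 4372 ================ Scan MBR ==================================
14:23:14.0022 4372 [ 6C6FDFF834AA5D876C307BEE53974486 ] \Device\Harddisk0\DR0
14:23:14.0022 4372 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:23:14.0085 4372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:23:14.0085 4372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:23:14.0085 4372 [ 7C515AE4B463EE2958ADC19C4F6064C8 ] \Device\Harddisk0\DR0\Partition1
14:23:14.0085 4372 \Device\Harddisk0\DR0\Partition1 - ok
14:23:40.0527 4140 \Device\Harddisk0\DR0\# - copied to quarantine
14:23:40.0527 4140 \Device\Harddisk0\DR0 - copied to quarantine
14:23:40.0573 4140 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:23:40.0573 4140 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:23:41.0712 4140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:23:41.0743 4140 \Device\Harddisk0\DR0 - ok
14:23:44.0473 4140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a saved log with `parse_tdsskiller(open(path).read())`. The "cure_pending_reboot" entry is the one to watch: until the machine has actually rebooted and a fresh scan reports the MBR clean, the fix is not finished.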
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That fixed a very nasty boot/rootkit.
    Please run ComboFix again and post its new log. Hopefully it will find & fix any leftovers now.
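For anyone wondering what "Suspicious mbr (Forged)" in the TDSSKiller log above is getting at: a bootkit of this family replaces the 446 bytes of boot code at the start of the disk while leaving the partition table intact, so the disk still boots normally and the original MBR plus the rootkit's own files live in sectors the partition table does not cover. The checker below is an added example of mine, not TDSSKiller's logic and not from this thread. It takes a raw 512-byte first sector, validates the 0x55AA signature, sanity-checks the four partition entries, and compares a hash of the boot code against a baseline you recorded when the machine was known clean. The baseline hash, the disk size and the sample MBR images are all constructed here for the demonstration; the "forged" verdict it prints is a heuristic, not a signature.

```python
"""Sanity-check a 512-byte MBR image. Added example; the checks are my heuristics."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446            # bootstrap code (and disk signature area) before the table
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511
ENTRY_FMT = "<B3xB3xII"        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_partitions(mbr):
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def boot_code_hash(mbr):
    """SHA-256 of the boot code only; the partition table is expected to change legitimately."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def inspect_mbr(mbr, disk_sectors, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = [p for p in parse_partitions(mbr) if p["type"] != 0]
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions {i1} and {i2} overlap")
    if baseline_sha256 is not None and boot_code_hash(mbr) != baseline_sha256:
        findings.append("boot code differs from baseline (possible forged MBR)")
    return findings


def build_sample_mbr(boot_code, partitions):
    """Assemble a constructed MBR from boot code bytes and (status, type, lba_start, sectors) tuples."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, start, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i, status, ptype, start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed test data: a tiny stand-in loader, a clean table, and the same table with swapped boot code.
DISK_SECTORS = 1_000_000
KNOWN_GOOD_BOOT = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 20
TABLE = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 780000)]
CLEAN_MBR = build_sample_mbr(KNOWN_GOOD_BOOT, TABLE)
BASELINE = boot_code_hash(CLEAN_MBR)           # record this on a known-clean machine
FORGED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x00" * 10, TABLE)

if __name__ == "__main__":
    print("clean :", inspect_mbr(CLEAN_MBR, DISK_SECTORS, BASELINE))
    print("forged:", inspect_mbr(FORGED_MBR, DISK_SECTORS, BASELINE))
```

To feed it a real disk, read the first sector (`dd if=/dev/sda bs=512 count=1` on Linux, or open `\\.\PhysicalDrive0` from an elevated process on Windows) and pass the total sector count from the OS. The baseline only helps if it was taken before the infection; comparing against a hash recorded after the bootkit was already in place proves nothing.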
     
  9. kyledurgan87

    kyledurgan87 Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    11
    ComboFix 13-02-12.01 - Walker 02/12/2013 15:07:19.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4032 [GMT -5:00]
    Running from: c:\users\Walker\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-12 20:19 . 2013-02-12 20:19 -------- d-----w- c:\users\Mcx1-WALKER-HP\AppData\Local\temp
    2013-02-12 20:19 . 2013-02-12 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-12 19:23 . 2013-02-12 19:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iTunes
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files (x86)\iTunes
    2013-02-02 21:25 . 2013-02-02 21:25 -------- d-----w- c:\program files\iPod
    2013-01-14 18:59 . 2013-01-14 18:59 -------- d-----w- c:\users\Walker\048298C9A4D3490B9FF9AB023A9238F3.TMP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 16:52 . 2012-12-21 08:08 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-21 08:08 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 08:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 08:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 21:49 . 2012-02-07 02:08 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-07 05:41 . 2013-01-09 08:12 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 05:35 . 2013-01-09 08:12 2745856 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 05:04 . 2013-01-09 08:12 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 04:57 . 2013-01-09 08:12 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 03:45 . 2013-01-09 08:12 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 03:45 . 2013-01-09 08:12 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 03:45 . 2013-01-09 08:12 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 03:45 . 2013-01-09 08:12 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 03:45 . 2013-01-09 08:12 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 03:45 . 2013-01-09 08:12 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 03:45 . 2013-01-09 08:12 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 03:45 . 2013-01-09 08:12 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 03:45 . 2013-01-09 08:12 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 03:45 . 2013-01-09 08:12 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 03:45 . 2013-01-09 08:12 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 03:45 . 2013-01-09 08:12 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 03:45 . 2013-01-09 08:12 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 03:45 . 2013-01-09 08:12 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 03:21 . 2013-01-09 08:12 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 03:21 . 2013-01-09 08:12 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 03:21 . 2013-01-09 08:12 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 03:21 . 2013-01-09 08:12 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 03:21 . 2013-01-09 08:12 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 03:21 . 2013-01-09 08:12 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 03:21 . 2013-01-09 08:12 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 03:21 . 2013-01-09 08:12 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 03:21 . 2013-01-09 08:12 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 03:21 . 2013-01-09 08:12 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 03:21 . 2013-01-09 08:12 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-11-30 05:50 . 2013-01-09 08:12 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:50 . 2013-01-09 08:12 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:50 . 2013-01-09 08:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:49 . 2013-01-09 08:12 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 05:46 . 2013-01-09 08:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:43 . 2013-01-09 08:12 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:43 . 2013-01-09 08:12 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:41 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 05:06 . 2013-01-09 08:12 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-11-30 05:06 . 2013-01-09 08:12 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:56 . 2013-01-09 08:12 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:56 . 2013-01-09 08:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-30 03:33 . 2013-01-09 08:12 338432 ----a-w- c:\windows\system32\conhost.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-19 39408]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-24 77824]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    c:\users\Walker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    Elvis Calendar Widget.lnk - c:\program files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe [N/A]
    LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [2010-12-15 153600]
    R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2009-10-02 187912]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130209.002\IDSvia64.sys [2012-12-27 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 43816047
    *NewlyCreated* - 92295310
    *Deregistered* - 43816047
    *Deregistered* - 92295310
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-02 20:35 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 12:37]
    .
    2013-01-31 c:\windows\Tasks\HPCeeScheduleForWalker.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    2013-02-12 c:\windows\Tasks\RMSchedule.job
    - c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-11 13:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Walker\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
    "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 798216]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-43816047.sys
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-2394937029-579550273-2574859083-1001\Software\SecuROM\License information*]
    "datasecu"=hex:ff,62,eb,da,64,59,f3,3f,c9,d1,2a,63,d1,fd,09,82,7e,7c,c6,17,46,
    3f,db,af,2f,44,90,9e,23,c1,09,1d,e2,b4,9c,d8,4f,6f,03,92,43,a4,38,d0,3d,0b,\
    "rkeysecu"=hex:76,18,61,e7,64,32,a3,b3,91,3b,1d,c5,16,b2,e2,37
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-12 15:32:27
    ComboFix-quarantined-files.txt 2013-02-12 20:32
    ComboFix2.txt 2013-02-11 21:45
    .
    Pre-Run: 846,376,960 bytes free
    Post-Run: 784,797,696 bytes free
    .
    - - End Of File - - 9310F8F1C7189C8C077CD641CECFF0B2
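The Run-key, Startup-folder and service lines in the ComboFix log above all end in a bracketed file timestamp and size, or [N/A] / [x] when the file is not on disk. The script below is an added example, not part of this thread or of ComboFix: it parses those three line shapes and flags the entries a reviewer checks first (absent files, files under a user profile, files written close to the scan date). The sample input is constructed from lines of the log above, the scan date is the log's "Completion time", and the 30-day window is an assumed threshold.

```python
r"""Triage the autostart entries of a ComboFix log.

Added example, not ComboFix code. ComboFix lists autostarts in three line
shapes, each ending in "[YYYY-MM-DD size]", or "[N/A]" / "[x]" when the
file is not on disk: Run-key values, Startup-folder .lnk lines, and
service/driver lines ("S2 name;description;path [stamp]").
"""
import re
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Constructed sample: lines copied in shape from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-19 39408]
.
c:\users\Walker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Walker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Elvis Calendar Widget.lnk - c:\program files (x86)\Elvis Calendar Widget\Elvis Calendar Widget.exe [N/A]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
"""
SCAN_DATE = date(2013, 2, 12)   # "Completion time" of the log above
RECENT_DAYS = 30                # assumed review threshold, not a ComboFix value

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]*)\]$')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<stamp>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<kind>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$')
STAMP_RE = re.compile(r'^(\d{4})-(\d{1,2})-(\d{1,2}) (\d+)$')


@dataclass
class Entry:
    source: str               # "run", "startup" or "service"
    name: str
    path: str
    written: Optional[date]   # None when ComboFix printed [N/A] or [x]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_stamp(stamp: str):
    """Turn '2013-1-20 28539272' into (date, size); absent files give (None, None)."""
    m = STAMP_RE.match(stamp.strip())
    if not m:
        return None, None
    y, mo, d, size = m.groups()
    return date(int(y), int(mo), int(d)), int(size)


def parse_autostarts(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for source, rx in (("run", RUN_RE), ("startup", LNK_RE), ("service", SVC_RE)):
            m = rx.match(line)
            if m:
                written, size = parse_stamp(m.group("stamp"))
                entries.append(Entry(source, m.group("name"), m.group("path"), written, size))
                break
    return entries


def triage(entries: List[Entry], scan_date: date = SCAN_DATE) -> List[Entry]:
    """Return only the entries that carry at least one review flag."""
    for e in entries:
        p = e.path.lower()
        if e.written is None:
            e.flags.append("missing-file")      # broken autostart, or file already removed
        if p.startswith("c:\\users\\") or "\\appdata\\" in p:
            e.flags.append("user-profile")      # location writable without admin rights
        if e.written is not None and abs(scan_date - e.written) <= timedelta(days=RECENT_DAYS):
            e.flags.append("recent")            # written close to (or after) the scan date
    return [e for e in entries if e.flags]


def flagged_summary(text: str = SAMPLE_LOG, scan_date: date = SCAN_DATE) -> List[str]:
    return [f"{e.source:8} {e.name:30} {','.join(e.flags):22} {e.path}"
            for e in triage(parse_autostarts(text), scan_date)]


if __name__ == "__main__":
    print("\n".join(flagged_summary()))
```

On the sample above it reports the Dropbox shortcut (user profile, written three weeks before the scan) and the two entries whose files are missing; the Run-key and NGEN entries carry no flags and are not listed.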
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That all looks clear now.

    Are you having any problems still?
    If it has all cleared up, then
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
  11. kyledurgan87

    kyledurgan87 Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    11
    I haven't gotten any more blue screens. I uninstalled Combofix and rebooted, and then I ran Secunia, but I'm still losing disk space. Thanks a lot for all of your help so far.
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    You never mentioned losing disk space before.
    Please give some details.
     
  13. kyledurgan87

    kyledurgan87 Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    11
    Well, I have 1TB of space on my computer, and I think even now I'm down to less than 1GB of space. I'm not sure how quickly it got that low because I don't use that computer very often. I had been getting low disk space warnings, and whenever I did a disk cleanup it didn't seem to do anything. I uninstalled some programs and deleted some files, and that would clear it up for a while, but within a day or so it would go back to giving me low disk space warnings. It got so bad that when I would run iTunes, for instance, there wasn't even enough disk space for that.
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    OK, let's see what this tells us & clears out.

    Download Temp File Cleaner to your desktop.
    Open the file and close any other windows.
    It will close all programs itself when run; make sure to let it run uninterrupted.
    Click the Start button to begin the process. The program should not take long to finish its job.
    Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

    If you are using Vista or Windows 7, then right-click the TFC.exe & select Run as Admin to allow it to work.
     
  15. kyledurgan87

    kyledurgan87 Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    11
    I ran the program and rebooted. Did you want me to post a log? If it made one, I'm not sure where it is. I still have 977 MB free of 919 GB.
     
Short URL to this thread: https://techguy.org/1089031