Author Topic: [Resolved K] Google Redirects  (Read 2115 times)

Offline ooguyx
[Resolved K] Google Redirects
« on: March 28, 2012, 10:51:10 PM »
When I go to Google, it takes forever to load the front page (though Bing loads fast, for comparison) and when I can do a search, clicking on a result will often result in a redirect to some crazy site. Norton didn't detect anything, but Malwarebytes found 2 trojans, though it has been unable to remove them. My logs follow. Thank you for your kindness and help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Roy at 21:45:43 on 2012-03-28
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.16375.12916 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
-netsvcs
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
mRun: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Roy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D3C4313-C792-449E-B964-117FC28206CA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2514FB6-E424-43E3-B5D2-814CE9B9B8B5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F493A48A-9382-4C17-88B9-729FE8BA826F} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64:     SmartSelect - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
mRun-x64: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\sjmr92k7.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120327.002\IDSviA64.sys [2012-3-27 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-11 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-3 2214504]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-6-6 435528]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-7-16 24992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-3-16 240232]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-4-24 127784]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-2-4 401920]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-3-11 21480]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-16 1038088]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2012.exe [2011-12-27 43848]
S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-7-16 27584]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-03-29 04:34:10   20480   ----a-w-   C:\Windows\svchost.exe
2012-03-28 06:16:30   --------   d-----w-   C:\Users\Roy\AppData\Roaming\Malwarebytes
2012-03-19 21:58:55   5120   ----a-w-   C:\ProgramData\Microsoft\Windows\DRM\101D.tmp
2012-03-19 21:58:55   5120   ----a-w-   C:\ProgramData\Microsoft\Windows\DRM\101C.tmp
2012-03-14 07:13:59   5504880   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:13:59   3957616   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:13:58   3902320   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 03:14:57   826368   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-03-14 03:14:57   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-03-14 03:14:56   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 03:14:56   204800   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-03-11 02:09:16   --------   d-----w-   C:\Users\Roy\AppData\Roaming\Intuit
2012-03-07 04:45:31   --------   d-----w-   C:\Users\Roy\AppData\Local\Microsoft Help
.
==================== Find3M  ====================
.
2012-02-10 06:24:01   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
2012-02-10 06:23:43   1837568   ----a-w-   C:\Windows\System32\d3d10warp.dll
2012-02-10 06:23:42   902656   ----a-w-   C:\Windows\System32\d2d1.dll
2012-02-10 06:23:42   320512   ----a-w-   C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:23:42   197120   ----a-w-   C:\Windows\System32\d3d10_1.dll
2012-02-10 05:35:40   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:35:25   739840   ----a-w-   C:\Windows\SysWow64\d2d1.dll
2012-02-10 05:35:25   218624   ----a-w-   C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35:25   161792   ----a-w-   C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:35:25   1170944   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
2012-02-03 04:16:03   3143168   ----a-w-   C:\Windows\System32\win32k.sys
2012-01-28 11:01:49   0   ----a-w-   C:\Windows\ativpsrm.bin
2012-01-25 06:27:11   76288   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-01-04 09:58:13   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24   478208   ----a-w-   C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 21:46:04.22 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2010 9:41:16 AM
System Uptime: 3/28/2012 9:32:39 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | P55-GD65 (MS-7583)  
Processor: Intel(R) Core(TM) i7 CPU         860  @ 2.80GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 831 GiB total, 584.049 GiB free.
D: is CDROM ()
M: is FIXED (NTFS) - 100 GiB total, 2.208 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP429: 3/13/2012 11:48:53 PM - Scheduled Checkpoint
RP430: 3/14/2012 12:05:23 AM - Windows Update
RP431: 3/21/2012 2:17:47 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.4 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe Captivate 4
Adobe Captivate Reviewer 1.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 5 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer 2
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon Games & Software Downloader
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Bamboo
Batch Update
BeerSmith
Bible Data Type System Files
BibleWorks 6
BibleWorks 6 Supplemental
Book Collector
Buddy for Barry
BufferChm
C4700
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Clause Visualizer
Collectorz.com Book Collector
Common System Files
Connect
ControlCenter
Crystal Reports 2008 Runtime SP1
Crystal Reports for Visual Studio
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator Software Services - Community Edition
Feedback Tool
Global Trading System Pro UK
Graphical Query Editor
gretl version 1.9.7cvs
Gtk+ Runtime Environment 2.6.10-rc1
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
HPPhotoGadget
hpWLPGInstaller
Intuit Statement Writer 2011
Java Auto Updater
Java(TM) 6 Update 26
kuler
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
Libronix Update
LightScribe System Software
LLS Resource Driver
Logos 4 Prerequisites
Logos Bible Software 4
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Design 3
Microsoft Expression Encoder 3
Microsoft Expression Studio 3
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2005
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft UI Engine
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Moneydance 2011.791
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Connector/ODBC 3.51
Nero 8 Essentials
neroxml
Network Recording Player
Norton Internet Security
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OEB Resource Driver
PC Wizard 2010.1.96
PDF Resource Driver
PDF Settings CS4
PDF Settings CS5
Peachtree Accounting 2012
Peachtree Signature Ready Forms
Pervasive PSQL v10 SP2 Workgroup (32-bit)
Photoshop Camera Raw
Pixel Bender Toolkit
PL-2303 USB-to-Serial
PS_AIO_06_C4700_SW_Min
Pure Networks Platform
PxMergeModule
QuickBooks
QuickBooks Enterprise Solutions: Accountant Edition 11.0
QuickBooks Premier: Accountant Edition 2011
QuickBooks Pro 2010
Quicken 2009
Quicken 2011
QuickTime
Realtek High Definition Audio Driver
Safari
Sage Integration Services
Samsung AllShare
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Expression Design 3 (KB2667727)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Sentence Diagramming
Sid Meier's Civilization 4
Simply Accounting by Sage 2009
Spelling Dictionaries Support For Adobe Reader 9
Suite Shared Configuration CS4
Symantec Technical Support Web Controls
System Requirements Lab
TeleChart 2007
THE SETTLERS - Rise of an Empire
TiEmu 3.02a
Toolbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VCRedistSetup
VersaCheck Platinum 2010
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VitalSource Bookshelf
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Wolfram Notebook Indexer 2.0
WPF Toolkit June 2009 (Version 3.5.40619.1)
YNAB 3
Z 39.50 Library
.
==== Event Viewer Messages From Past Week ========
.
3/28/2012 9:40:47 PM, Error: Service Control Manager [7022]  - The HP Network Devices Support service hung on starting.
3/28/2012 9:38:42 PM, Error: Service Control Manager [7022]  - The Windows Font Cache Service service hung on starting.
3/28/2012 9:33:12 PM, Error: Service Control Manager [7000]  - The atksgt service failed to start due to the following error:  This driver has been blocked from loading
3/28/2012 9:33:12 PM, Error: Application Popup [875]  - Driver atksgt.sys has been blocked from loading.
3/28/2012 12:14:24 AM, Error: Service Control Manager [7016]  - The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
3/27/2012 11:37:01 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/25/2012 11:31:51 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.
3/25/2012 11:31:51 PM, Error: Service Control Manager [7000]  - The Pure Networks Platform Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/21/2012 12:27:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff8000369ff9a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-61199-01.
.
==== End Of File ===========================
« Last Edit: April 03, 2012, 02:25:43 PM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6348
Re: [Resolved K] Google Redirects
« Reply #1 on: March 29, 2012, 01:45:26 AM »
Hello ooguyx and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix; instructions available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double-click the icon to run the tool (Vista or Windows 7 users: right-click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #2 on: March 29, 2012, 10:09:47 PM »
ComboFix 12-03-29.02 - Roy 03/29/2012  20:10:21.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.16375.13336 [GMT -7:00]
Running from: c:\users\Roy\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Investments\AppData\Local\assembly\tmp
c:\users\Investments\g2mdlhlpx.exe
c:\users\R Roy\g2mdlhlpx.exe
c:\users\Roy\AppData\Local\assembly\tmp
c:\users\Roy\AppData\Local\Microsoft\Windows\Temporary Internet Files\1704JohnSRealtyQuickBooks2010Feb1220121056PMpffcenter.html
c:\users\Roy\AppData\Local\Microsoft\Windows\Temporary Internet Files\1704JohnSRealtyQuickBooks2010Feb1220121056PMreviewDialog.html
c:\users\Roy\AppData\Local\Microsoft\Windows\Temporary Internet Files\1704JohnSRealtyQuickBooks2010Feb1220121056PMreviewNotesPopUp.html
c:\users\Roy\AppData\Local\Microsoft\Windows\Temporary Internet Files\1704JohnSRealtyQuickBooks2010Feb1220121056PMtaskNotesDialog.html
c:\users\Roy\AppData\Local\Microsoft\Windows\Temporary Internet Files\1704JohnSRealtyQuickBooks2010Feb1220121056PMviewChanges.html
c:\users\Roy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\Roy\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\1144sampleservicebasedbusinesspffcenter.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\1144sampleservicebasedbusinessreviewDialog.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\1144sampleservicebasedbusinessreviewNotesPopUp.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\1144sampleservicebasedbusinesstaskNotesDialog.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\5600sampleservicebasedbusinesspffcenter.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\5600sampleservicebasedbusinessreviewDialog.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\5600sampleservicebasedbusinessreviewNotesPopUp.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\5600sampleservicebasedbusinesstaskNotesDialog.html
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\SS Bookkeeping\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\Stephanie\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-28 to 2012-03-30  )))))))))))))))))))))))))))))))
.
.
2012-03-30 03:39 . 2012-03-30 03:39   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2012-03-30 03:39 . 2012-03-30 03:39   --------   d-----w-   c:\users\R Roy\AppData\Local\temp
2012-03-30 03:37 . 2012-03-30 03:37   --------   d-----w-   c:\users\Stephanie\AppData\Local\temp
2012-03-30 03:37 . 2012-03-30 03:37   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-03-30 03:36 . 2012-03-30 03:36   --------   d-----w-   c:\users\SS Bookkeeping\AppData\Local\temp
2012-03-30 03:36 . 2012-03-30 03:36   --------   d-----w-   c:\users\Investments\AppData\Local\temp
2012-03-29 04:34 . 2009-07-14 01:14   20480   ----a-w-   c:\windows\svchost.exe
2012-03-28 06:16 . 2012-03-28 06:16   --------   d-----w-   c:\users\Roy\AppData\Roaming\Malwarebytes
2012-03-22 01:22 . 2012-03-22 01:22   --------   d-----w-   c:\users\Investments\AppData\Roaming\Intuit
2012-03-19 21:58 . 2012-03-19 21:58   5120   ----a-w-   c:\programdata\Microsoft\Windows\DRM\101D.tmp
2012-03-19 21:58 . 2012-03-19 21:58   5120   ----a-w-   c:\programdata\Microsoft\Windows\DRM\101C.tmp
2012-03-19 03:30 . 2012-03-30 03:36   --------   d-----w-   c:\users\Stephanie\AppData\Local\assembly
2012-03-14 07:13 . 2011-11-19 18:30   5504880   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-14 07:13 . 2011-11-19 14:25   3957616   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:13 . 2011-11-19 14:25   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 03:14 . 2012-02-15 06:27   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-03-14 03:14 . 2012-02-15 05:44   826368   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-03-14 03:14 . 2012-02-15 04:47   204800   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-14 03:14 . 2012-02-15 04:46   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-03-11 02:09 . 2012-03-11 02:09   --------   d-----w-   c:\users\Roy\AppData\Roaming\Intuit
2012-03-07 04:45 . 2012-03-07 04:45   --------   d-----w-   c:\users\Roy\AppData\Local\Microsoft Help
2012-03-05 04:36 . 2012-03-30 03:36   --------   d-----w-   c:\users\Investments\AppData\Local\assembly
2012-03-05 00:09 . 2012-03-05 00:09   --------   d-----w-   c:\users\Investments\AppData\Local\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 07:10 . 2010-04-23 08:30   2378112   ----a-w-   c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-04 09:58 . 2012-02-15 14:06   509952   ----a-w-   c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 14:06   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 14:06   515584   ----a-w-   c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 14:06   478208   ----a-w-   c:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-02-25 2387968]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2011-07-16 282512]
"PeachtreePrefetcher.exe"="c:\program files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe" [2011-12-27 30024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [N/A]
.
c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-6-30 5828952]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE [2011-7-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-17 1038088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\program files (x86)\Sage\Peachtree\SmartPostingService2012.exe [2011-12-27 43848]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-07-16 27584]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120329.002\IDSvia64.sys [2012-03-07 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2011-12-29 435528]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-07-16 24992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 19:12   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1602122284-1893905979-354898507-1000Core.job
- c:\users\R Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-17 05:11]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1602122284-1893905979-354898507-1000UA.job
- c:\users\R Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-17 05:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\sjmr92k7.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ConnectionManager - c:\program files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
ShellIconOverlayIdentifiers-{D25B32FE-CB96-491A-98FF-AD59DA382D69} - c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
ShellIconOverlayIdentifiers-{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} - c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
ShellIconOverlayIdentifiers-{B3C78E40-6B64-47C3-AE34-60B770881EB8} - c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
ShellIconOverlayIdentifiers-{622AFE52-33F6-4D9F-9966-E0BC52D7D69D} - c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
ShellIconOverlayIdentifiers-{855156F0-2A0F-11DE-8C30-0800200C9A66} - c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-03-29  20:57:50 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-30 03:57
.
Pre-Run: 626,814,693,376 bytes free
Post-Run: 663,094,411,264 bytes free
.
- - End Of File - - FC26BFD11447C5534ACDEFE65EDFC849

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6348
Re: [Resolved K] Google Redirects
« Reply #3 on: March 30, 2012, 02:50:30 AM »
Hiya ooguyx,

ComboFix has done a lot of work; it has not, however, killed off the rootkit, though it does identify its presence. Run the following please:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Select "Scan".
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Next,

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those two logs, also give an update of issues/concerns...

Thanks,

Kevin... :t
Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #4 on: March 30, 2012, 10:10:10 PM »
Here are the logs. How can I be sure that this rootkit is removed?

Both logs are too long, so I will post the first half of the TDSSKiller log here, then the other half and the MWB one next.

18:58:29.0617 9044   TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:58:30.0257 9044   ============================================================
18:58:30.0257 9044   Current date / time: 2012/03/30 18:58:30.0257
18:58:30.0257 9044   SystemInfo:
18:58:30.0257 9044   
18:58:30.0257 9044   OS Version: 6.1.7600 ServicePack: 0.0
18:58:30.0257 9044   Product type: Workstation
18:58:30.0257 9044   ComputerName: MARTINFAMILYPC
18:58:30.0257 9044   UserName: Roy
18:58:30.0257 9044   Windows directory: C:\Windows
18:58:30.0257 9044   System windows directory: C:\Windows
18:58:30.0257 9044   Running under WOW64
18:58:30.0257 9044   Processor architecture: Intel x64
18:58:30.0257 9044   Number of processors: 8
18:58:30.0257 9044   Page size: 0x1000
18:58:30.0257 9044   Boot type: Normal boot
18:58:30.0257 9044   ============================================================
18:58:31.0737 9044   Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:58:31.0747 9044   \Device\Harddisk0\DR0:
18:58:31.0747 9044   MBR used
18:58:31.0747 9044   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:58:31.0747 9044   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x67ED3800
18:58:31.0747 9044   \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x67F06000, BlocksNum 0xC7FF800
18:58:31.0807 9044   Initialize success
18:58:31.0807 9044   ============================================================
18:58:46.0438 7400   ============================================================
18:58:46.0438 7400   Scan started
18:58:46.0438 7400   Mode: Manual; SigCheck; TDLFS;
18:58:46.0438 7400   ============================================================
18:58:47.0638 7400   1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:58:47.0758 7400   1394ohci - ok
18:58:47.0788 7400   ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:58:47.0818 7400   ACPI - ok
18:58:47.0828 7400   AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:58:47.0878 7400   AcpiPmi - ok
18:58:47.0918 7400   adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
18:58:50.0989 7400   adfs - ok
18:58:51.0089 7400   Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
18:58:51.0109 7400   Adobe Version Cue CS4 - ok
18:58:51.0149 7400   adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:58:51.0179 7400   adp94xx - ok
18:58:51.0209 7400   adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:58:51.0229 7400   adpahci - ok
18:58:51.0399 7400   adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:58:51.0419 7400   adpu320 - ok
18:58:51.0449 7400   AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:58:51.0529 7400   AeLookupSvc - ok
18:58:51.0609 7400   AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:58:51.0659 7400   AFD - ok
18:58:51.0689 7400   agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:58:51.0699 7400   agp440 - ok
18:58:51.0719 7400   ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:58:51.0759 7400   ALG - ok
18:58:51.0769 7400   aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:58:51.0779 7400   aliide - ok
18:58:51.0849 7400   Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
18:58:51.0869 7400   Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning
18:58:51.0869 7400   Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)
18:58:51.0959 7400   AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
18:58:52.0019 7400   AMD External Events Utility - ok
18:58:52.0039 7400   amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:58:52.0049 7400   amdide - ok
18:58:52.0069 7400   AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:58:52.0119 7400   AmdK8 - ok
18:58:52.0329 7400   amdkmdag        (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
18:58:52.0559 7400   amdkmdag - ok
18:58:52.0579 7400   amdkmdap        (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:58:52.0599 7400   amdkmdap - ok
18:58:52.0629 7400   AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:58:52.0659 7400   AmdPPM - ok
18:58:52.0709 7400   amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:58:52.0729 7400   amdsata - ok
18:58:52.0739 7400   amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:58:52.0769 7400   amdsbs - ok
18:58:52.0779 7400   amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:58:52.0789 7400   amdxata - ok
18:58:52.0809 7400   AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:58:52.0829 7400   AppID - ok
18:58:52.0849 7400   AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:58:52.0899 7400   AppIDSvc - ok
18:58:52.0929 7400   Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:58:52.0939 7400   Appinfo - ok
18:58:52.0979 7400   Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:58:52.0999 7400   Apple Mobile Device - ok
18:58:53.0029 7400   AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:58:53.0069 7400   AppMgmt - ok
18:58:53.0129 7400   arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:58:53.0149 7400   arc - ok
18:58:53.0159 7400   arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:58:53.0179 7400   arcsas - ok
18:58:53.0279 7400   aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:58:53.0299 7400   aspnet_state - ok
18:58:53.0329 7400   AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:58:53.0399 7400   AsyncMac - ok
18:58:53.0409 7400   atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:58:53.0429 7400   atapi - ok
18:58:53.0479 7400   AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
18:58:53.0489 7400   AtiHDAudioService - ok
18:58:53.0549 7400   atksgt          (f88ef61bcd43addf2c9555430c16cd96) C:\Windows\system32\DRIVERS\atksgt.sys
18:58:53.0569 7400   atksgt - ok
18:58:53.0599 7400   AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:58:53.0679 7400   AudioEndpointBuilder - ok
18:58:53.0709 7400   AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:58:53.0739 7400   AudioSrv - ok
18:58:53.0749 7400   AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:58:53.0789 7400   AxInstSV - ok
18:58:53.0819 7400   b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:58:53.0849 7400   b06bdrv - ok
18:58:53.0869 7400   b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:58:53.0889 7400   b57nd60a - ok
18:58:53.0909 7400   BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:58:53.0919 7400   BDESVC - ok
18:58:53.0929 7400   Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:58:53.0969 7400   Beep - ok
18:58:54.0059 7400   BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:58:54.0119 7400   BFE - ok
18:58:54.0289 7400   BHDrvx64        (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
18:58:54.0319 7400   BHDrvx64 - ok
18:58:54.0349 7400   BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
18:58:54.0399 7400   BITS - ok
18:58:54.0409 7400   blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:58:54.0429 7400   blbdrive - ok
18:58:54.0519 7400   Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:58:54.0539 7400   Bonjour Service - ok
18:58:54.0579 7400   bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:58:54.0619 7400   bowser - ok
18:58:54.0629 7400   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:58:54.0669 7400   BrFiltLo - ok
18:58:54.0689 7400   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:58:54.0709 7400   BrFiltUp - ok
18:58:54.0739 7400   BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:58:54.0809 7400   BridgeMP - ok
18:58:54.0829 7400   Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:58:54.0869 7400   Browser - ok
18:58:54.0889 7400   Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:58:54.0919 7400   Brserid - ok
18:58:54.0929 7400   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:58:54.0939 7400   BrSerWdm - ok
18:58:54.0949 7400   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:58:54.0979 7400   BrUsbMdm - ok
18:58:54.0999 7400   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:58:55.0009 7400   BrUsbSer - ok
18:58:55.0019 7400   BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:58:55.0049 7400   BTHMODEM - ok
18:58:55.0069 7400   bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:58:55.0149 7400   bthserv - ok
18:58:55.0169 7400   catchme - ok
18:58:55.0189 7400   cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:58:55.0219 7400   cdfs - ok
18:58:55.0249 7400   cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:58:55.0259 7400   cdrom - ok
18:58:55.0289 7400   CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:58:55.0339 7400   CertPropSvc - ok
18:58:55.0349 7400   circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:58:55.0369 7400   circlass - ok
18:58:55.0389 7400   CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:58:55.0409 7400   CLFS - ok
18:58:55.0459 7400   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:58:55.0479 7400   clr_optimization_v2.0.50727_32 - ok
18:58:55.0529 7400   clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:58:55.0539 7400   clr_optimization_v2.0.50727_64 - ok
18:58:55.0619 7400   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:58:55.0639 7400   clr_optimization_v4.0.30319_32 - ok
18:58:55.0649 7400   clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:58:55.0669 7400   clr_optimization_v4.0.30319_64 - ok
18:58:55.0689 7400   CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:58:55.0729 7400   CmBatt - ok
18:58:55.0759 7400   cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:58:55.0769 7400   cmdide - ok
18:58:55.0809 7400   CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:58:55.0849 7400   CNG - ok
18:58:55.0849 7400   Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:58:55.0859 7400   Compbatt - ok
18:58:55.0879 7400   CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:58:55.0910 7400   CompositeBus - ok
18:58:55.0910 7400   COMSysApp - ok
18:58:55.0990 7400   cpuz134         (17719a7f571d4cd08223f0b30f71b8b8) C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys
18:58:56.0000 7400   cpuz134 - ok
18:58:56.0060 7400   cpuz135         (ccb09eb78e047c931708149992c2e435) C:\Windows\system32\drivers\cpuz135_x64.sys
18:58:56.0070 7400   cpuz135 - ok
18:58:56.0090 7400   crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:58:56.0100 7400   crcdisk - ok
18:58:56.0130 7400   CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:58:56.0190 7400   CryptSvc - ok
18:58:56.0220 7400   CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
18:58:56.0240 7400   CSC - ok
18:58:56.0260 7400   CscService      (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
18:58:56.0320 7400   CscService - ok
18:58:56.0350 7400   ctxusbm         (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
18:58:56.0370 7400   ctxusbm - ok
18:58:56.0430 7400   DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:58:56.0490 7400   DcomLaunch - ok
18:58:56.0520 7400   defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:58:56.0550 7400   defragsvc - ok
18:58:56.0590 7400   DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:58:56.0620 7400   DfsC - ok
18:58:56.0660 7400   Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:58:56.0700 7400   Dhcp - ok
18:58:56.0710 7400   discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:58:56.0760 7400   discache - ok
18:58:56.0780 7400   Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:58:56.0780 7400   Disk - ok
18:58:56.0820 7400   Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:58:56.0850 7400   Dnscache - ok
18:58:56.0860 7400   dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:58:56.0900 7400   dot3svc - ok
18:58:56.0940 7400   Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:58:56.0970 7400   Dot4 - ok
18:58:57.0010 7400   Dot4Print       (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:58:57.0040 7400   Dot4Print - ok
18:58:57.0060 7400   dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:58:57.0090 7400   dot4usb - ok
18:58:57.0110 7400   DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:58:57.0150 7400   DPS - ok
18:58:57.0190 7400   drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:58:57.0200 7400   drmkaud - ok
18:58:57.0250 7400   DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:58:57.0270 7400   DXGKrnl - ok
18:58:57.0310 7400   EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:58:57.0340 7400   EapHost - ok
18:58:57.0410 7400   ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:58:57.0520 7400   ebdrv - ok
18:58:57.0590 7400   eeCtrl          (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:58:57.0610 7400   eeCtrl - ok
18:58:57.0650 7400   EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:58:57.0700 7400   EFS - ok
18:58:57.0750 7400   ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:58:57.0780 7400   ehRecvr - ok
18:58:57.0800 7400   ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:58:57.0830 7400   ehSched - ok
18:58:57.0850 7400   elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:58:57.0880 7400   elxstor - ok
18:58:57.0940 7400   EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:58:57.0950 7400   EraserUtilRebootDrv - ok
18:58:57.0960 7400   ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:58:57.0970 7400   ErrDev - ok
18:58:58.0000 7400   EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:58:58.0040 7400   EventSystem - ok
18:58:58.0070 7400   exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:58:58.0110 7400   exfat - ok
18:58:58.0130 7400   fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:58:58.0180 7400   fastfat - ok
18:58:58.0210 7400   Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:58:58.0220 7400   Fax - ok
18:58:58.0240 7400   fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:58:58.0250 7400   fdc - ok
18:58:58.0260 7400   fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:58:58.0290 7400   fdPHost - ok
18:58:58.0290 7400   FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:58:58.0330 7400   FDResPub - ok
18:58:58.0350 7400   FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:58:58.0360 7400   FileInfo - ok
18:58:58.0370 7400   Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:58:58.0390 7400   Filetrace - ok
18:58:58.0430 7400   FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:58:58.0440 7400   FLEXnet Licensing Service - ok
18:58:58.0500 7400   FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:58:58.0520 7400   FLEXnet Licensing Service 64 - ok
18:58:58.0530 7400   flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:58:58.0550 7400   flpydisk - ok
18:58:58.0580 7400   FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:58:58.0590 7400   FltMgr - ok
18:58:58.0640 7400   FontCache       (97223981a9214f1b4997e9075abb6bf5) C:\Windows\system32\FntCache.dll
18:58:58.0660 7400   FontCache - ok
18:58:58.0710 7400   FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:58:58.0720 7400   FontCache3.0.0.0 - ok
18:58:58.0740 7400   FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:58:58.0760 7400   FsDepends - ok
18:58:58.0770 7400   Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:58:58.0780 7400   Fs_Rec - ok
18:58:58.0800 7400   fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:58:58.0820 7400   fvevol - ok
18:58:58.0840 7400   gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:58:58.0840 7400   gagp30kx - ok
18:58:58.0890 7400   GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:58:58.0890 7400   GEARAspiWDM - ok
18:58:58.0920 7400   gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:58:58.0940 7400   gpsvc - ok
18:58:58.0950 7400   hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:58:58.0970 7400   hcw85cir - ok
18:58:59.0020 7400   HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:58:59.0060 7400   HdAudAddService - ok
18:58:59.0090 7400   HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:58:59.0130 7400   HDAudBus - ok
18:58:59.0140 7400   HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:58:59.0170 7400   HidBatt - ok
18:58:59.0190 7400   HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:58:59.0220 7400   HidBth - ok
18:58:59.0250 7400   HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:58:59.0280 7400   HidIr - ok
18:58:59.0300 7400   hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:58:59.0330 7400   hidserv - ok
18:58:59.0340 7400   HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:58:59.0370 7400   HidUsb - ok
18:58:59.0400 7400   hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:58:59.0440 7400   hkmsvc - ok
18:58:59.0460 7400   HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:58:59.0470 7400   HomeGroupListener - ok
18:58:59.0510 7400   HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:58:59.0530 7400   HomeGroupProvider - ok
18:58:59.0550 7400   HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:58:59.0560 7400   HpSAMD - ok
18:58:59.0700 7400   HPSLPSVC        (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:58:59.0730 7400   HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
18:58:59.0730 7400   HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
18:58:59.0760 7400   HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:58:59.0820 7400   HTTP - ok
18:58:59.0840 7400   hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:58:59.0850 7400   hwpolicy - ok
18:58:59.0870 7400   i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:58:59.0890 7400   i8042prt - ok
18:58:59.0941 7400   iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:58:59.0971 7400   iaStorV - ok
18:59:00.0051 7400   idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:59:00.0091 7400   idsvc - ok
18:59:00.0211 7400   IDSVia64        (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120330.002\IDSvia64.sys
18:59:00.0231 7400   IDSVia64 - ok
18:59:00.0251 7400   iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:59:00.0251 7400   iirsp - ok
18:59:00.0281 7400   IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:59:00.0331 7400   IKEEXT - ok
18:59:00.0411 7400   IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
18:59:00.0451 7400   IntcAzAudAddService - ok
18:59:00.0461 7400   intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:59:00.0471 7400   intelide - ok
18:59:00.0491 7400   intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:59:00.0511 7400   intelppm - ok
18:59:00.0541 7400   IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:59:00.0581 7400   IPBusEnum - ok
18:59:00.0601 7400   IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:59:00.0661 7400   IpFilterDriver - ok
18:59:00.0701 7400   iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:59:00.0731 7400   iphlpsvc - ok
18:59:00.0751 7400   IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:59:00.0771 7400   IPMIDRV - ok
18:59:00.0771 7400   IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:59:00.0801 7400   IPNAT - ok
18:59:00.0881 7400   iPod Service    (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
18:59:00.0901 7400   iPod Service - ok
18:59:00.0921 7400   IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:59:00.0931 7400   IRENUM - ok
18:59:00.0941 7400   isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:59:00.0951 7400   isapnp - ok
18:59:00.0971 7400   iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:59:00.0991 7400   iScsiPrt - ok
18:59:01.0001 7400   kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:59:01.0011 7400   kbdclass - ok
18:59:01.0021 7400   kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:59:01.0031 7400   kbdhid - ok
18:59:01.0061 7400   KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:59:01.0071 7400   KeyIso - ok
18:59:01.0091 7400   KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:59:01.0101 7400   KSecDD - ok
18:59:01.0111 7400   KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:59:01.0121 7400   KSecPkg - ok
18:59:01.0131 7400   ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:59:01.0171 7400   ksthunk - ok
18:59:01.0201 7400   KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:59:01.0241 7400   KtmRm - ok
18:59:01.0291 7400   LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
18:59:01.0331 7400   LanmanServer - ok
18:59:01.0361 7400   LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:59:01.0421 7400   LanmanWorkstation - ok
18:59:01.0491 7400   LightScribeService (9dbafd6106ee59d548aa1b0c144799ef) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:59:01.0511 7400   LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:59:01.0511 7400   LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:59:01.0551 7400   lirsgt          (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
18:59:01.0561 7400   lirsgt - ok
18:59:01.0581 7400   lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:59:01.0651 7400   lltdio - ok
18:59:01.0681 7400   lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:59:01.0711 7400   lltdsvc - ok
18:59:01.0721 7400   lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:59:01.0741 7400   lmhosts - ok
18:59:01.0771 7400   LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:59:01.0781 7400   LSI_FC - ok
18:59:01.0801 7400   LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:59:01.0811 7400   LSI_SAS - ok
18:59:01.0841 7400   LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:59:01.0851 7400   LSI_SAS2 - ok
18:59:01.0871 7400   LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:59:01.0881 7400   LSI_SCSI - ok
18:59:01.0901 7400   luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:59:01.0951 7400   luafv - ok
18:59:02.0021 7400   MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
18:59:02.0041 7400   MBAMProtector - ok
18:59:02.0131 7400   MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:59:02.0161 7400   MBAMService - ok
18:59:02.0181 7400   MBfilt          (8d62ec55b413a2ed1ddfde1891993719) C:\Windows\system32\drivers\MBfilt64.sys
18:59:02.0191 7400   MBfilt - ok
18:59:02.0211 7400   Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:59:02.0221 7400   Mcx2Svc - ok
18:59:02.0251 7400   megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:59:02.0251 7400   megasas - ok
18:59:02.0281 7400   MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:59:02.0291 7400   MegaSR - ok
18:59:02.0331 7400   MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:59:02.0401 7400   MMCSS - ok
18:59:02.0421 7400   Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:59:02.0471 7400   Modem - ok
18:59:02.0541 7400   monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:59:02.0571 7400   monitor - ok
18:59:02.0591 7400   mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:59:02.0611 7400   mouclass - ok
18:59:02.0621 7400   mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:59:02.0641 7400   mouhid - ok
18:59:02.0661 7400   mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:59:02.0671 7400   mountmgr - ok
18:59:02.0691 7400   mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:59:02.0711 7400   mpio - ok
18:59:02.0731 7400   mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:59:02.0761 7400   mpsdrv - ok
18:59:02.0781 7400   MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:59:02.0831 7400   MpsSvc - ok
18:59:02.0851 7400   MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:59:02.0871 7400   MRxDAV - ok
18:59:02.0901 7400   mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:59:02.0941 7400   mrxsmb - ok
18:59:02.0981 7400   mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:59:03.0031 7400   mrxsmb10 - ok
18:59:03.0061 7400   mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:59:03.0091 7400   mrxsmb20 - ok
18:59:03.0111 7400   msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:59:03.0121 7400   msahci - ok
18:59:03.0131 7400   msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:59:03.0141 7400   msdsm - ok
18:59:03.0171 7400   MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:59:03.0181 7400   MSDTC - ok
18:59:03.0201 7400   Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:59:03.0221 7400   Msfs - ok
18:59:03.0241 7400   mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:59:03.0271 7400   mshidkmdf - ok
18:59:03.0291 7400   msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:59:03.0301 7400   msisadrv - ok
18:59:03.0341 7400   MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:59:03.0411 7400   MSiSCSI - ok
18:59:03.0421 7400   msiserver - ok
18:59:03.0451 7400   MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:59:03.0491 7400   MSKSSRV - ok
18:59:03.0521 7400   MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:59:03.0551 7400   MSPCLOCK - ok
18:59:03.0571 7400   MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:59:03.0611 7400   MSPQM - ok
18:59:03.0631 7400   MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:59:03.0641 7400   MsRPC - ok
18:59:03.0651 7400   mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:59:03.0661 7400   mssmbios - ok
18:59:03.0731 7400   MSSQL$SQLEXPRESS - ok
18:59:03.0791 7400   MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:59:03.0801 7400   MSSQLServerADHelper100 - ok
18:59:03.0821 7400   MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:59:03.0881 7400   MSTEE - ok
18:59:03.0901 7400   MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:59:03.0911 7400   MTConfig - ok
18:59:03.0941 7400   Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:59:03.0951 7400   Mup - ok
18:59:03.0981 7400   napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:59:04.0031 7400   napagent - ok
18:59:04.0071 7400   NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:59:04.0091 7400   NativeWifiP - ok
18:59:04.0231 7400   NAVENG          (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120330.002\ENG64.SYS
18:59:04.0241 7400   NAVENG - ok
18:59:04.0291 7400   NAVEX15         (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120330.002\EX64.SYS
18:59:04.0321 7400   NAVEX15 - ok
18:59:04.0361 7400   NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:59:04.0381 7400   NDIS - ok
18:59:04.0391 7400   NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:59:04.0421 7400   NdisCap - ok
18:59:04.0441 7400   NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:59:04.0461 7400   NdisTapi - ok
18:59:04.0471 7400   Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:59:04.0501 7400   Ndisuio - ok
18:59:04.0511 7400   NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:59:04.0541 7400   NdisWan - ok
18:59:04.0561 7400   NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:59:04.0591 7400   NDProxy - ok
18:59:04.0641 7400   Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
18:59:04.0651 7400   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:59:04.0651 7400   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:59:04.0661 7400   NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:59:04.0721 7400   NetBIOS - ok
18:59:04.0751 7400   NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
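
The log above is TDSSKiller's service and driver pass: for each service it prints one line with the MD5 of the image and its path, then a verdict line, either "- ok" or a "( UnsignedFile.Multi.Generic ) - warning" line followed by "- detected UnsignedFile.Multi.Generic (1)". UnsignedFile.Multi.Generic is the label the scanner puts on a service image that carries no digital signature; it marks a file to look at, not a malware detection, and on this machine it lands on HP printer components, LightScribe and Intuit services. The Python below is an added example for reading such a log, not part of the original post and not TDSSKiller's own code: it folds the lines into one record per service, lists the flagged ones, shows which image files back several service names (lsass.exe hosting KeyIso, Netlogon, SamSs and ProtectedStorage is normal Windows behaviour, so a repeated hash there is expected) and sorts the flagged images by whether they live under the Windows directory, which is the one to hash-check first. The sample log is a handful of lines copied from the log as posted; the function names and the record layout are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the TDSSKiller log posted above,
# chosen to cover every line shape the scan emits: an image line with MD5 and
# path, a plain "- ok" verdict, a service with no image line at all (msiserver),
# two services sharing one image (lsass.exe), and the warning/detected pair
# that UnsignedFile.Multi.Generic produces.
SAMPLE_LOG = r"""
18:58:58.0210 7400   Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:58:58.0220 7400   Fax - ok
18:58:58.0430 7400   FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:58:58.0440 7400   FLEXnet Licensing Service - ok
18:58:59.0700 7400   HPSLPSVC        (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:58:59.0730 7400   HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
18:58:59.0730 7400   HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
18:59:01.0061 7400   KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:59:01.0071 7400   KeyIso - ok
18:59:03.0421 7400   msiserver - ok
18:59:04.0841 7400   Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:59:04.0851 7400   Netlogon - ok
18:59:08.0092 7400   Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
18:59:08.0102 7400   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:59:08.0102 7400   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with a timestamp and the scanner's PID; service names may
# contain spaces, so the name is matched lazily up to the next fixed token.
_PREFIX = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
IMAGE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
WARNING = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<sig>.+?) \) - warning$")
DETECTED = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<sig>\S+) \((?P<count>\d+)\)$")
OK = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")


def parse_tdsskiller(text):
    """Fold the per-service lines into one record per service name.

    A record keeps the image MD5 and path (None when the scanner printed no
    image line), the final verdict ("ok", "warning" or "detected") and the
    signature name behind a warning or detection.
    """
    records = {}

    def record(name):
        return records.setdefault(name, {"md5": None, "path": None, "verdict": None, "signature": None})

    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := IMAGE.match(line):
            rec = record(m["name"])
            rec["md5"], rec["path"] = m["md5"], m["path"]
        elif m := DETECTED.match(line):          # follows the warning line, so it wins
            rec = record(m["name"])
            rec["verdict"], rec["signature"] = "detected", m["sig"]
        elif m := WARNING.match(line):
            rec = record(m["name"])
            rec["verdict"], rec["signature"] = "warning", m["sig"]
        elif m := OK.match(line):
            record(m["name"])["verdict"] = "ok"
        else:
            raise ValueError(f"unrecognised TDSSKiller line: {line!r}")
    return records


def flagged(records):
    """Services whose final verdict is anything other than 'ok'."""
    return {name: rec for name, rec in records.items() if rec["verdict"] != "ok"}


def shared_images(records):
    """Image paths that back more than one service name (lsass.exe is the usual case)."""
    by_path = defaultdict(list)
    for name, rec in records.items():
        if rec["path"]:
            by_path[rec["path"].lower()].append(name)
    return {path: sorted(names) for path, names in by_path.items() if len(names) > 1}


def triage(records):
    """Split the flagged services into (under C:\\Windows, elsewhere).

    An unsigned image under the Windows directory is the one to hash-check
    first; an unsigned vendor service under Program Files is the common case.
    """
    windows_dir, elsewhere = [], []
    for name, rec in sorted(flagged(records).items()):
        path = (rec["path"] or "").lower()
        bucket = windows_dir if path.startswith("c:\\windows\\") else elsewhere
        bucket.append((name, rec["md5"], rec["path"]))
    return windows_dir, elsewhere


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for bucket, label in zip(triage(recs), ("under the Windows directory", "elsewhere")):
        print(f"flagged {label}:")
        for name, md5, path in bucket:
            print(f"  {name}: {md5}  {path}")
    for path, names in shared_images(recs).items():
        print(f"shared image {path}: {', '.join(names)}")
```

Run it against the full log by reading the file and passing its text to parse_tdsskiller; the MD5 of each entry in the windows_dir bucket is what you would look up at a hash-reputation service before deciding whether the unsigned file is a vendor leftover or something planted.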

Offline ooguyx
Re: [Resolved K] Google Redirects
« Reply #5 on: March 30, 2012, 10:12:29 PM »
2nd half.....
18:59:04.0811 7400   NetBT - ok
18:59:04.0841 7400   Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:59:04.0851 7400   Netlogon - ok
18:59:04.0881 7400   Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:59:04.0921 7400   Netman - ok
18:59:05.0011 7400   NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:05.0021 7400   NetMsmqActivator - ok
18:59:05.0031 7400   NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:05.0051 7400   NetPipeActivator - ok
18:59:05.0081 7400   netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:59:05.0131 7400   netprofm - ok
18:59:05.0181 7400   netr28x         (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
18:59:05.0211 7400   netr28x - ok
18:59:05.0221 7400   NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:05.0221 7400   NetTcpActivator - ok
18:59:05.0231 7400   NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:59:05.0231 7400   NetTcpPortSharing - ok
18:59:05.0261 7400   nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:59:05.0271 7400   nfrd960 - ok
18:59:05.0341 7400   NIS             (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
18:59:05.0361 7400   NIS - ok
18:59:05.0391 7400   NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:59:05.0421 7400   NlaSvc - ok
18:59:05.0491 7400   NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
18:59:05.0521 7400   NMIndexingService - ok
18:59:05.0561 7400   nmservice       (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
18:59:05.0591 7400   nmservice - ok
18:59:05.0601 7400   Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:59:05.0651 7400   Npfs - ok
18:59:05.0671 7400   nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:59:05.0711 7400   nsi - ok
18:59:05.0721 7400   nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:59:05.0751 7400   nsiproxy - ok
18:59:05.0811 7400   Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:59:05.0881 7400   Ntfs - ok
18:59:05.0901 7400   Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:59:05.0971 7400   Null - ok
18:59:06.0001 7400   NVHDA           (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
18:59:06.0011 7400   NVHDA - ok
18:59:06.0241 7400   nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:59:06.0381 7400   nvlddmkm - ok
18:59:06.0421 7400   nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:59:06.0441 7400   nvraid - ok
18:59:06.0471 7400   nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:59:06.0491 7400   nvstor - ok
18:59:06.0531 7400   nvsvc           (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
18:59:06.0571 7400   nvsvc - ok
18:59:06.0661 7400   nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:59:06.0751 7400   nvUpdatusService - ok
18:59:06.0771 7400   nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:59:06.0781 7400   nv_agp - ok
18:59:06.0791 7400   ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:59:06.0801 7400   ohci1394 - ok
18:59:06.0871 7400   ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:59:06.0891 7400   ose - ok
18:59:07.0042 7400   osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:59:07.0192 7400   osppsvc - ok
18:59:07.0212 7400   p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:59:07.0232 7400   p2pimsvc - ok
18:59:07.0242 7400   p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:59:07.0262 7400   p2psvc - ok
18:59:07.0272 7400   Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:59:07.0272 7400   Parport - ok
18:59:07.0292 7400   partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:59:07.0302 7400   partmgr - ok
18:59:07.0322 7400   PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:59:07.0342 7400   PcaSvc - ok
18:59:07.0362 7400   pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:59:07.0372 7400   pci - ok
18:59:07.0392 7400   pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:59:07.0392 7400   pciide - ok
18:59:07.0422 7400   pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:59:07.0432 7400   pcmcia - ok
18:59:07.0442 7400   pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:59:07.0452 7400   pcw - ok
18:59:07.0512 7400   Peachtree SmartPosting 2012 (d87c58dd652df387c4e9a0f9ce595d69) C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2012.exe
18:59:07.0522 7400   Peachtree SmartPosting 2012 - ok
18:59:07.0552 7400   PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:59:07.0622 7400   PEAUTH - ok
18:59:07.0662 7400   PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:59:07.0682 7400   PeerDistSvc - ok
18:59:07.0732 7400   PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:59:07.0762 7400   PerfHost - ok
18:59:07.0812 7400   pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:59:07.0902 7400   pla - ok
18:59:07.0972 7400   PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:59:08.0002 7400   PlugPlay - ok
18:59:08.0092 7400   Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
18:59:08.0102 7400   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:59:08.0102 7400   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:59:08.0142 7400   pnarp           (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
18:59:08.0152 7400   pnarp - ok
18:59:08.0172 7400   PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:59:08.0202 7400   PNRPAutoReg - ok
18:59:08.0212 7400   PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:59:08.0232 7400   PNRPsvc - ok
18:59:08.0312 7400   PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:59:08.0362 7400   PolicyAgent - ok
18:59:08.0392 7400   Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:59:08.0432 7400   Power - ok
18:59:08.0462 7400   PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:59:08.0502 7400   PptpMiniport - ok
18:59:08.0522 7400   Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:59:08.0532 7400   Processor - ok
18:59:08.0562 7400   ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:59:08.0592 7400   ProfSvc - ok
18:59:08.0622 7400   ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:59:08.0632 7400   ProtectedStorage - ok
18:59:08.0652 7400   Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:59:08.0672 7400   Psched - ok
18:59:08.0732 7400   psqlWGE         (1ff50da96e12e243a70b5023cfe22d42) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
18:59:08.0752 7400   psqlWGE - ok
18:59:08.0772 7400   purendis        (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
18:59:08.0782 7400   purendis - ok
18:59:08.0822 7400   PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:59:08.0842 7400   PxHlpa64 - ok
18:59:08.0922 7400   QBCFMonitorService (c6df3ff18d6acb913c78c865dded17d3) c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:59:08.0942 7400   QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
18:59:08.0942 7400   QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
18:59:08.0992 7400   QBFCService     (6bee1814470dc12fa20c53dfc3c97ebb) c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
18:59:09.0002 7400   QBFCService ( UnsignedFile.Multi.Generic ) - warning
18:59:09.0002 7400   QBFCService - detected UnsignedFile.Multi.Generic (1)
18:59:09.0082 7400   QBVSS           (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
18:59:09.0142 7400   QBVSS ( UnsignedFile.Multi.Generic ) - warning
18:59:09.0142 7400   QBVSS - detected UnsignedFile.Multi.Generic (1)
18:59:09.0192 7400   ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:59:09.0242 7400   ql2300 - ok
18:59:09.0262 7400   ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:59:09.0272 7400   ql40xx - ok
18:59:09.0292 7400   QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:59:09.0312 7400   QWAVE - ok
18:59:09.0322 7400   QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:59:09.0342 7400   QWAVEdrv - ok
18:59:09.0362 7400   RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:59:09.0402 7400   RasAcd - ok
18:59:09.0432 7400   RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:59:09.0462 7400   RasAgileVpn - ok
18:59:09.0472 7400   RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:59:09.0502 7400   RasAuto - ok
18:59:09.0512 7400   Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:59:09.0552 7400   Rasl2tp - ok
18:59:09.0572 7400   RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:59:09.0612 7400   RasMan - ok
18:59:09.0622 7400   RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:59:09.0652 7400   RasPppoe - ok
18:59:09.0672 7400   RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:59:09.0732 7400   RasSstp - ok
18:59:09.0752 7400   rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:59:09.0792 7400   rdbss - ok
18:59:09.0822 7400   rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:59:09.0882 7400   rdpbus - ok
18:59:10.0002 7400   RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:59:10.0052 7400   RDPCDD - ok
18:59:10.0082 7400   RDPDISPM        (f56aed34ea2a292e92a3a09736c3648e) C:\Windows\system32\DRIVERS\rdpdispm.sys
18:59:10.0092 7400   RDPDISPM - ok
18:59:10.0122 7400   RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
18:59:10.0152 7400   RDPDR - ok
18:59:10.0182 7400   RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:59:10.0252 7400   RDPENCDD - ok
18:59:10.0262 7400   RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:59:10.0302 7400   RDPREFMP - ok
18:59:10.0342 7400   RDPWD           (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
18:59:10.0372 7400   RDPWD - ok
18:59:10.0422 7400   rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:59:10.0442 7400   rdyboost - ok
18:59:10.0462 7400   RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:59:10.0512 7400   RemoteAccess - ok
18:59:10.0532 7400   RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:59:10.0582 7400   RemoteRegistry - ok
18:59:10.0632 7400   RimUsb          (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:59:10.0642 7400   RimUsb - ok
18:59:10.0682 7400   RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:59:10.0752 7400   RpcEptMapper - ok
18:59:10.0782 7400   RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:59:10.0802 7400   RpcLocator - ok
18:59:10.0832 7400   RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:59:10.0862 7400   RpcSs - ok
18:59:10.0912 7400   RsFx0103        (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
18:59:10.0932 7400   RsFx0103 - ok
18:59:10.0962 7400   rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:59:11.0002 7400   rspndr - ok
18:59:11.0052 7400   RTL8167         (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:59:11.0072 7400   RTL8167 - ok
18:59:11.0102 7400   s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
18:59:11.0122 7400   s3cap - ok
18:59:11.0162 7400   SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:59:11.0182 7400   SamSs - ok
18:59:11.0282 7400   SamsungAllShareV2.0 (812e8f893e010dc871478d9cc8aa28ee) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
18:59:11.0292 7400   SamsungAllShareV2.0 - ok
18:59:11.0312 7400   sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:59:11.0332 7400   sbp2port - ok
18:59:11.0352 7400   SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:59:11.0392 7400   SCardSvr - ok
18:59:11.0402 7400   scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:59:11.0422 7400   scfilter - ok
18:59:11.0472 7400   Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:59:11.0532 7400   Schedule - ok
18:59:11.0612 7400   SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:59:11.0652 7400   SCPolicySvc - ok
18:59:11.0662 7400   SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:59:11.0682 7400   SDRSVC - ok
18:59:11.0702 7400   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:59:11.0732 7400   secdrv - ok
18:59:11.0742 7400   seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:59:11.0782 7400   seclogon - ok
18:59:11.0802 7400   SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:59:11.0832 7400   SENS - ok
18:59:11.0832 7400   SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:59:11.0872 7400   SensrSvc - ok
18:59:11.0932 7400   Ser2pl          (9f6490423ac3271e84a90a0dd9d30a3b) C:\Windows\system32\DRIVERS\ser2pl64.sys
18:59:11.0952 7400   Ser2pl - ok
18:59:11.0992 7400   Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:59:12.0032 7400   Serenum - ok
18:59:12.0042 7400   Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:59:12.0062 7400   Serial - ok
18:59:12.0092 7400   sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:59:12.0122 7400   sermouse - ok
18:59:12.0152 7400   SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:59:12.0212 7400   SessionEnv - ok
18:59:12.0222 7400   sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:59:12.0262 7400   sffdisk - ok
18:59:12.0272 7400   sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:59:12.0282 7400   sffp_mmc - ok
18:59:12.0292 7400   sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:59:12.0302 7400   sffp_sd - ok
18:59:12.0322 7400   sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:59:12.0342 7400   sfloppy - ok
18:59:12.0402 7400   SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:59:12.0472 7400   SharedAccess - ok
18:59:12.0502 7400   ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:59:12.0542 7400   ShellHWDetection - ok
18:59:12.0572 7400   SimpleSlideShowServer (32c81a9157143da8ffafaf214084ae11) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
18:59:12.0582 7400   SimpleSlideShowServer - ok
18:59:12.0602 7400   SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:59:12.0622 7400   SiSRaid2 - ok
18:59:12.0642 7400   SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:59:12.0652 7400   SiSRaid4 - ok
18:59:12.0692 7400   Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:59:12.0742 7400   Smb - ok
18:59:12.0762 7400   SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:59:12.0802 7400   SNMPTRAP - ok
18:59:12.0802 7400   spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:59:12.0812 7400   spldr - ok
18:59:12.0852 7400   Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:59:12.0872 7400   Spooler - ok
18:59:12.0932 7400   sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:59:13.0012 7400   sppsvc - ok
18:59:13.0032 7400   sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:59:13.0092 7400   sppuinotify - ok
18:59:13.0182 7400   SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:59:13.0202 7400   SQLAgent$SQLEXPRESS - ok
18:59:13.0252 7400   SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:59:13.0272 7400   SQLBrowser - ok
18:59:13.0312 7400   SQLWriter       (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:59:13.0332 7400   SQLWriter - ok
18:59:13.0402 7400   SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS
18:59:13.0442 7400   SRTSP - ok
18:59:13.0452 7400   SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS
18:59:13.0462 7400   SRTSPX - ok
18:59:13.0492 7400   srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:59:13.0522 7400   srv - ok
18:59:13.0542 7400   srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:59:13.0582 7400   srv2 - ok
18:59:13.0632 7400   srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:59:13.0662 7400   srvnet - ok
18:59:13.0692 7400   SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:59:13.0742 7400   SSDPSRV - ok
18:59:13.0762 7400   SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:59:13.0792 7400   SstpSvc - ok
18:59:13.0832 7400   Stereo Service  (9d6de9a470eeb47207f413c58980f5fa) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:59:13.0842 7400   Stereo Service - ok
18:59:13.0862 7400   stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:59:13.0862 7400   stexstor - ok
18:59:13.0902 7400   StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:59:13.0922 7400   StillCam - ok
18:59:13.0952 7400   stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:59:13.0972 7400   stisvc - ok
18:59:14.0002 7400   storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:59:14.0012 7400   storflt - ok
18:59:14.0032 7400   storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
18:59:14.0032 7400   storvsc - ok
18:59:14.0052 7400   swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:59:14.0052 7400   swenum - ok
18:59:14.0172 7400   SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:59:14.0192 7400   SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:59:14.0192 7400   SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:59:14.0242 7400   swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:59:14.0292 7400   swprv - ok
18:59:14.0372 7400   Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
18:59:14.0402 7400   Symantec RemoteAssist - ok
18:59:14.0422 7400   SymDS           (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
18:59:14.0432 7400   SymDS - ok
18:59:14.0462 7400   SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
18:59:14.0482 7400   SymEFA - ok
18:59:14.0502 7400   SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:59:14.0512 7400   SymEvent - ok
18:59:14.0552 7400   SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS
18:59:14.0562 7400   SymIRON - ok
18:59:14.0612 7400   SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS
18:59:14.0632 7400   SymNetS - ok
18:59:14.0662 7400   SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:59:14.0742 7400   SysMain - ok
18:59:14.0762 7400   TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:59:14.0782 7400   TabletInputService - ok
18:59:14.0912 7400   TabletServicePen (b5b736216ff7c71d320bf493825752a1) C:\Windows\system32\Pen_Tablet.exe
18:59:15.0042 7400   TabletServicePen - ok
18:59:15.0072 7400   TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:59:15.0122 7400   TapiSrv - ok
18:59:15.0142 7400   TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:59:15.0172 7400   TBS - ok
18:59:15.0232 7400   Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:59:15.0292 7400   Tcpip - ok
18:59:15.0332 7400   TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:59:15.0362 7400   TCPIP6 - ok
18:59:15.0382 7400   tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:59:15.0402 7400   tcpipreg - ok
18:59:15.0422 7400   TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:59:15.0432 7400   TDPIPE - ok
18:59:15.0462 7400   TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:59:15.0492 7400   TDTCP - ok
18:59:15.0532 7400   tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:59:15.0602 7400   tdx - ok
18:59:15.0622 7400   TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:59:15.0632 7400   TermDD - ok
18:59:15.0652 7400   TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:59:15.0702 7400   TermService - ok
18:59:15.0722 7400   Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:59:15.0742 7400   Themes - ok
18:59:15.0772 7400   THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:59:15.0822 7400   THREADORDER - ok
18:59:15.0832 7400   TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:59:15.0882 7400   TrkWks - ok
18:59:15.0922 7400   TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:59:15.0942 7400   TrustedInstaller - ok
18:59:15.0962 7400   tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:59:16.0002 7400   tssecsrv - ok
18:59:16.0042 7400   tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:59:16.0072 7400   tunnel - ok
18:59:16.0092 7400   uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:59:16.0102 7400   uagp35 - ok
18:59:16.0122 7400   udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:59:16.0182 7400   udfs - ok
18:59:16.0192 7400   UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:59:16.0202 7400   UI0Detect - ok
18:59:16.0212 7400   uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:59:16.0222 7400   uliagpkx - ok
18:59:16.0242 7400   umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:59:16.0262 7400   umbus - ok
18:59:16.0272 7400   UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:59:16.0302 7400   UmPass - ok
18:59:16.0332 7400   UmRdpService    (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
18:59:16.0352 7400   UmRdpService - ok
18:59:16.0382 7400   upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:59:16.0462 7400   upnphost - ok
18:59:16.0512 7400   USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:59:16.0532 7400   USBAAPL64 - ok
18:59:16.0582 7400   usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:59:16.0602 7400   usbaudio - ok
18:59:16.0642 7400   usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
18:59:16.0652 7400   usbccgp - ok
18:59:16.0672 7400   usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:59:16.0682 7400   usbcir - ok
18:59:16.0722 7400   usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
18:59:16.0732 7400   usbehci - ok
18:59:16.0762 7400   usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
18:59:16.0792 7400   usbhub - ok
18:59:16.0832 7400   usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
18:59:16.0862 7400   usbohci - ok
18:59:16.0892 7400   usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:59:16.0932 7400   usbprint - ok
18:59:16.0982 7400   usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:59:17.0012 7400   usbscan - ok
18:59:17.0052 7400   USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:59:17.0072 7400   USBSTOR - ok
18:59:17.0102 7400   usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
18:59:17.0132 7400   usbuhci - ok
18:59:17.0142 7400   UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:59:17.0192 7400   UxSms - ok
18:59:17.0232 7400   VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:59:17.0242 7400   VaultSvc - ok
18:59:17.0252 7400   vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:59:17.0252 7400   vdrvroot - ok
18:59:17.0272 7400   vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:59:17.0292 7400   vds - ok
18:59:17.0302 7400   vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:59:17.0312 7400   vga - ok
18:59:17.0312 7400   VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:59:17.0352 7400   VgaSave - ok
18:59:17.0372 7400   vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:59:17.0382 7400   vhdmp - ok
18:59:17.0402 7400   viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:59:17.0412 7400   viaide - ok
18:59:17.0432 7400   vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
18:59:17.0442 7400   vmbus - ok
18:59:17.0462 7400   VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:59:17.0472 7400   VMBusHID - ok
18:59:17.0492 7400   volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:59:17.0502 7400   volmgr - ok
18:59:17.0522 7400   volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:59:17.0532 7400   volmgrx - ok
18:59:17.0552 7400   volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:59:17.0572 7400   volsnap - ok
18:59:17.0592 7400   vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:59:17.0602 7400   vsmraid - ok
18:59:17.0662 7400   VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:59:17.0732 7400   VSS - ok
18:59:17.0752 7400   vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:59:17.0772 7400   vwifibus - ok
18:59:17.0812 7400   vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:59:17.0842 7400   vwififlt - ok
18:59:17.0882 7400   vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:59:17.0912 7400   vwifimp - ok
18:59:17.0932 7400   W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:59:17.0982 7400   W32Time - ok
18:59:18.0032 7400   wacmoumonitor   (6b6718dc4b4597ec10f4f8c614282ee1) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
18:59:18.0042 7400   wacmoumonitor - ok
18:59:18.0082 7400   wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
18:59:18.0092 7400   wacommousefilter - ok
18:59:18.0142 7400   WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:59:18.0172 7400   WacomPen - ok
18:59:18.0212 7400   wacomvhid       (26b430e7c5f598fe7353e3bc4b261321) C:\Windows\system32\DRIVERS\wacomvhid.sys
18:59:18.0222 7400   wacomvhid - ok
18:59:18.0242 7400   WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:59:18.0312 7400   WANARP - ok
18:59:18.0312 7400   Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:59:18.0332 7400   Wanarpv6 - ok
18:59:18.0392 7400   WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:59:18.0432 7400   WatAdminSvc - ok
18:59:18.0462 7400   wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:59:18.0492 7400   wbengine - ok
18:59:18.0522 7400   WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:59:18.0542 7400   WbioSrvc - ok
18:59:18.0572 7400   wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:59:18.0612 7400   wcncsvc - ok
18:59:18.0632 7400   WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:59:18.0652 7400   WcsPlugInService - ok
18:59:18.0662 7400   Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:59:18.0672 7400   Wd - ok
18:59:18.0712 7400   WDC_SAM         (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:59:18.0722 7400   WDC_SAM - ok
18:59:18.0742 7400   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:59:18.0762 7400   Wdf01000 - ok
18:59:18.0772 7400   WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:59:18.0802 7400   WdiServiceHost - ok
18:59:18.0802 7400   WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:59:18.0812 7400   WdiSystemHost - ok
18:59:18.0852 7400   WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:59:18.0862 7400   WebClient - ok
18:59:18.0872 7400   Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:59:18.0912 7400   Wecsvc - ok
18:59:18.0922 7400   wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:59:18.0943 7400   wercplsupport - ok
18:59:18.0973 7400   WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:59:19.0003 7400   WerSvc - ok
18:59:19.0013 7400   WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:59:19.0033 7400   WfpLwf - ok
18:59:19.0043 7400   WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:59:19.0053 7400   WIMMount - ok
18:59:19.0073 7400   WinDefend - ok
18:59:19.0073 7400   WinHttpAutoProxySvc - ok
18:59:19.0123 7400   Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:59:19.0183 7400   Winmgmt - ok
18:59:19.0243 7400   WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:59:19.0353 7400   WinRM - ok
18:59:19.0423 7400   WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:59:19.0463 7400   WinUsb - ok
18:59:19.0493 7400   Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:59:19.0523 7400   Wlansvc - ok
18:59:19.0633 7400   wlidsvc         (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:59:19.0703 7400   wlidsvc - ok
18:59:19.0733 7400   WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:59:19.0743 7400   WmiAcpi - ok
18:59:19.0753 7400   wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:59:19.0763 7400   wmiApSrv - ok
18:59:19.0773 7400   WMPNetworkSvc - ok
18:59:19.0793 7400   WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:59:19.0803 7400   WPCSvc - ok
18:59:19.0813 7400   WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:59:19.0823 7400   WPDBusEnum - ok
18:59:19.0843 7400   ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:59:19.0863 7400   ws2ifsl - ok
18:59:19.0893 7400   wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
18:59:19.0913 7400   wscsvc - ok
18:59:19.0963 7400   WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:59:19.0983 7400   WSDPrintDevice - ok
18:59:19.0993 7400   WSearch - ok
18:59:20.0053 7400   WTouchService   (a2cc9a9bc30c6141ff99d85a4e26d7a7) C:\Program Files\WTouch\WTouchService.exe
18:59:20.0063 7400   WTouchService - ok
18:59:20.0123 7400   wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:59:20.0203 7400   wuauserv - ok
18:59:20.0213 7400   WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:59:20.0283 7400   WudfPf - ok
18:59:20.0333 7400   WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:59:20.0363 7400   WUDFRd - ok
18:59:20.0373 7400   wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:59:20.0413 7400   wudfsvc - ok
18:59:20.0433 7400   WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:59:20.0463 7400   WwanSvc - ok
18:59:20.0493 7400   MBR (0x1B8)     (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
18:59:20.0513 7400   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:59:20.0513 7400   \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:59:20.0533 7400   \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:59:20.0533 7400   \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:59:20.0563 7400   Boot (0x1200)   (c2976d6fb2bb7e018c11022236ba62ca) \Device\Harddisk0\DR0\Partition0
18:59:20.0563 7400   \Device\Harddisk0\DR0\Partition0 - ok
18:59:20.0583 7400   Boot (0x1200)   (19e08608f678adb2c7e6babecde7461e) \Device\Harddisk0\DR0\Partition1
18:59:20.0583 7400   \Device\Harddisk0\DR0\Partition1 - ok
18:59:20.0613 7400   Boot (0x1200)   (f8739ce04a2664767e7e8d2cf90cf291) \Device\Harddisk0\DR0\Partition2
18:59:20.0613 7400   \Device\Harddisk0\DR0\Partition2 - ok
18:59:20.0613 7400   ============================================================
18:59:20.0613 7400   Scan finished
18:59:20.0613 7400   ============================================================
18:59:20.0633 7616   Detected object count: 11
18:59:20.0633 7616   Actual detected object count: 11
19:06:40.0633 7616   Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0633 7616   Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0633 7616   HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0633 7616   HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0633 7616   LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0633 7616   LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0643 7616   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0643 7616   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0643 7616   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0643 7616   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0643 7616   QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0643 7616   QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0643 7616   QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0643 7616   QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0643 7616   QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0643 7616   QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0653 7616   SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:40.0653 7616   SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:40.0683 7616   \Device\Harddisk0\DR0\# - copied to quarantine
19:06:40.0683 7616   \Device\Harddisk0\DR0 - copied to quarantine
19:06:40.0713 7616   \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:06:40.0713 7616   \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:06:40.0713 7616   \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:06:40.0723 7616   \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:06:40.0733 7616   \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:06:40.0733 7616   \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:06:40.0743 7616   \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:06:40.0743 7616   \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:06:40.0743 7616   \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:06:40.0743 7616   \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:06:40.0743 7616   \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:06:40.0753 7616   \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:06:40.0773 7616   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:06:40.0773 7616   \Device\Harddisk0\DR0 - ok
19:06:40.0773 7616   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:06:40.0773 7616   \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:06:40.0773 7616   \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:06:47.0213 9052   Deinitialize success

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #6 on: March 30, 2012, 10:13:48 PM »
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Roy :: MARTINFAMILYPC [administrator]

Protection: Disabled

3/30/2012 7:31:35 PM
mbam-log-2012-03-30 (19-31-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 467005
Time elapsed: 1 hour(s), 33 minute(s), 3 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\TiEmu\bin\tiemups.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #7 on: March 30, 2012, 11:25:33 PM »
I ran MWB again and it appears that it hasn't been removed.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6348
Re: [Resolved K] Google Redirects
« Reply #8 on: March 31, 2012, 12:22:07 AM »
Why do you say that "it hasn't been removed"?

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #9 on: March 31, 2012, 12:41:57 AM »
Because when I ran a scan of Malwarebytes again after reboot, it found the same thing.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6348
Re: [Resolved K] Google Redirects
« Reply #10 on: March 31, 2012, 12:45:50 AM »
Do you mean you ran Malwarebytes after the re-boot from TDSSKiller, or after a re-boot from Malwarebytes itself, meaning MB has been run twice?

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #11 on: March 31, 2012, 12:50:08 AM »
MB ran twice. I did everything exactly as asked in your previous post. MB said to reboot, so I did. Afterward I ran MB again and the virus showed up again.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6348
Re: [Resolved K] Google Redirects
« Reply #12 on: March 31, 2012, 01:15:09 AM »
Do you have a USB flash drive (memory stick) of minimum size 250MB and, preferably (but not essentially), a clean PC? The USB stick will be formatted in this process...

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #13 on: March 31, 2012, 11:12:04 AM »
I have a clean PC. Not sure about a flash drive, but I do have an external HDD that is clean too.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6348
Re: [Resolved K] Google Redirects
« Reply #14 on: March 31, 2012, 12:04:58 PM »
Do this first,

Re-run TDSSKiller; when you see this entry: Device\Harddisk0\DR0 ( TDSS File System ), select Delete as the option.

Next,

Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from either of the following links:

Link 1
Link 2

Save to the Desktop and run as before; let me see the new logs. What about a USB memory stick, also known as a flash drive, do you have one if necessary?

Kevin