Geeks to Go
Bluescreen crash [Closed]


  • This topic is locked

#1 j5iscool
New Member, 6 posts
I am getting bluescreens frequently. Bluescreen dump log reader said the driver responsible for the crash was ntoskrnl.exe. I seem to get a bluescreen when I'm watching videos on VLC player and downloading music/videos simultaneously. System Restore to a month ago helped some, but I still got a bluescreen after the restore. Here is the log from OTL.

OTL logfile created on: 11/18/2012 6:30:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\J5iscool\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.19 Gb Available Physical Memory | 58.31% Memory free
10.96 Gb Paging File | 8.28 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673.83 Gb Total Space | 502.55 Gb Free Space | 74.58% Space Free | Partition Type: NTFS
Drive D: | 20.65 Gb Total Space | 2.22 Gb Free Space | 10.76% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.26% Space Free | Partition Type: FAT32

Computer Name: J5ISCOOL-HP | User Name: J5iscool | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 18:18:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J5iscool\Desktop\OTL.exe
PRC - [2012/11/18 16:30:35 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/11/18 07:42:08 | 000,878,480 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/11/03 09:09:54 | 000,843,208 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/10/11 08:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/10/11 08:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/10/09 08:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/18 13:09:03 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/10/07 19:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/28 14:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/09/12 17:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/26 02:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 02:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 02:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/08/10 04:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/12/28 00:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\tools\BitCometService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 16:30:34 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/11/18 16:30:34 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/11/18 16:30:34 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/11/18 16:30:34 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/11/18 16:30:34 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/11/18 07:42:09 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012/11/18 07:42:09 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/11/18 07:42:09 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/11/18 07:42:09 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/11/18 07:42:09 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/11/18 07:42:09 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/11/18 07:42:09 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/11/18 07:42:09 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/11/18 07:42:09 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/11/18 07:42:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/11/18 07:42:09 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/11/18 07:42:09 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/11/03 13:33:15 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012/11/03 13:33:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012/11/03 13:32:30 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/11/03 08:55:10 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/11/03 08:54:53 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/11/03 08:54:43 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/11/03 08:54:39 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/11/03 08:54:38 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/11/03 08:54:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/11/03 08:54:33 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/11/03 08:54:27 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/10/20 21:16:14 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/20 09:56:16 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/08/24 17:20:03 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012/08/19 08:57:50 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/19 08:57:45 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/06 00:44:31 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/10/06 00:44:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/28 18:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 05:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/20 10:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/05/27 10:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/28 00:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Running] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/18 16:30:35 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/20 21:16:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/12 17:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/26 02:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/08/10 04:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/28 17:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/06 00:44:32 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/10/06 00:43:09 | 004,747,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/09/19 20:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/19 20:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/07/23 09:11:53 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/08 10:05:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/08 10:05:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/28 18:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 17:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/20 17:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 17:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/20 17:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 17:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 17:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 17:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 17:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/08 07:38:06 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 10:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 10:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/07/28 11:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/07/25 10:18:40 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 10:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 10:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/07/16 04:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/07/16 04:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/06/09 18:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/30 16:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 10:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 10:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 02:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 02:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/17 08:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 09:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/18 07:38:51 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121117.005_5b4\ex64.sys -- (NAVEX15)
DRV - [2012/11/18 07:38:51 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121117.005_5b4\eng64.sys -- (NAVENG)
DRV - [2012/11/16 17:09:34 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121116.001_5d5\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/06 23:54:56 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001_5a4\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/17 17:38:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/17 17:38:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...tB&cr=478637292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=478637292
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...tB&cr=478637292
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=478637292
IE - HKLM\..\SearchScopes\{224F61EC-22E6-5725-4735-6939CFEA695C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://movies.netflix.com/WiHome
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=478637292
IE - HKCU\..\SearchScopes\{224F61EC-22E6-5725-4735-6939CFEA695C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/18 17:51:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/11/18 17:50:51 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Simple Pass 2012 (Enabled) = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Funmoods = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: SpeedDial = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: Website Logon = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Norton Identity Protection = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
CHR - Extension: Yontoo = C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3B5E3F8-3C84-4BEE-89CC-D16535C30943}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD041238-E337-44AA-816C-83758249AE6C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 18:18:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\J5iscool\Desktop\OTL.exe
[2012/11/18 07:35:57 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Roaming\SpeedMaxPc
[2012/11/18 07:35:57 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Roaming\DriverCure
[2012/11/18 07:35:40 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
[2012/11/18 07:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedMaxPc
[2012/11/18 07:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/11/18 07:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedMaxPc
[2012/11/03 10:04:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012/11/03 09:55:44 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\Desktop\Misc
[2012/11/03 09:40:23 | 000,000,000 | ---D | C] -- C:\Temp
[2012/11/03 09:09:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012/11/03 09:09:10 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Local\Samsung
[2012/11/03 09:09:09 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Roaming\Samsung
[2012/11/03 09:09:07 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\Documents\samsung
[2012/11/03 09:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/11/03 08:58:35 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/11/03 08:58:35 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/11/03 08:57:34 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/11/03 08:57:13 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/11/03 08:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/11/03 08:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/11/03 08:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/11/03 08:51:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/03 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Local\Downloaded Installations
[2012/10/20 09:56:24 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Roaming\Opera
[2012/10/20 09:56:24 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Local\Opera
[2012/10/20 09:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012/10/20 09:20:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/20 08:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/10/19 22:23:23 | 000,000,000 | ---D | C] -- C:\Users\J5iscool\AppData\Local\Ilivid Player
[2012/10/19 22:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/10/19 22:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar

========== Files - Modified Within 30 Days ==========

[2012/11/18 18:20:38 | 000,002,107 | ---- | M] () -- C:\Users\J5iscool\Desktop\BlueScreenView - Shortcut.lnk
[2012/11/18 18:18:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J5iscool\Desktop\OTL.exe
[2012/11/18 18:00:05 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/11/18 17:58:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 17:58:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 17:54:33 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/18 17:54:33 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/18 17:54:33 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/18 17:47:10 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/11/18 17:47:10 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/11/18 17:47:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJ5iscool.job
[2012/11/18 17:47:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 17:47:02 | 756,515,491 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/18 17:47:01 | 116,842,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/18 17:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/03 09:09:06 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/11/03 09:06:39 | 000,002,020 | ---- | M] () -- C:\Users\J5iscool\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/11/03 08:56:03 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/20 09:56:17 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

========== Files Created - No Company Name ==========

[2012/11/18 18:20:38 | 000,002,107 | ---- | C] () -- C:\Users\J5iscool\Desktop\BlueScreenView - Shortcut.lnk
[2012/11/18 07:36:00 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/11/18 07:35:35 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/11/18 07:35:34 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/11/03 09:09:06 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/11/03 09:06:38 | 000,002,020 | ---- | C] () -- C:\Users\J5iscool\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/10/20 09:56:17 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/10/20 09:56:17 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/10/20 09:20:05 | 756,515,491 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/09/18 18:54:55 | 000,384,844 | ---- | C] () -- C:\Users\J5iscool\AppData\Local\funmoods-speeddial.crx
[2012/09/18 18:54:51 | 000,031,465 | ---- | C] () -- C:\Users\J5iscool\AppData\Local\funmoods.crx
[2012/08/18 07:53:36 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/23 09:06:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/23 08:57:48 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/28 05:49:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/06 11:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/09 18:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/18 01:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/18 18:37:51 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\BitComet
[2012/09/04 01:11:32 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\Blio
[2012/11/18 07:35:57 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\DriverCure
[2012/08/16 18:35:58 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\IDT
[2012/10/20 09:56:24 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\Opera
[2012/11/03 09:09:09 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\Samsung
[2012/11/18 07:35:57 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\SpeedMaxPc
[2012/08/16 17:58:21 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\Synaptics
[2012/08/18 08:33:35 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\TeamViewer
[2012/09/30 12:24:56 | 000,000,000 | ---D | M] -- C:\Users\J5iscool\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
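A way to triage an OTL log like the one above before reading it line by line. This is an added example, not part of j5iscool's post and not anything OTL or AdwCleaner does themselves: it scans the O2/O3/O4/O8/CHR entries for a target file that no longer exists ("File not found"), an autorun value with an empty name, a file with no publisher in its version info ("()"), and Chrome extension IDs that match the ones AdwCleaner removes later in this thread (Funmoods, SpeedDial, Yontoo). The sample lines are copied from the log above; the "known adware" ID set and the idea that these four conditions are worth a second look are this example's own assumptions, not OTL's verdict.

```python
"""Triage OTL log entries for the things a malware-removal helper scans for
first.  The sample lines are copied from the OTL log posted in this thread."""
import re
from collections import Counter

# Chrome extension IDs that the AdwCleaner run later in this thread deleted
# (Funmoods, SpeedDial, Yontoo).  Treating them as adware is this example's
# assumption, taken from that AdwCleaner log, not from OTL itself.
ADWARE_EXTENSION_IDS = {
    "bbjciahceamgodcoidkjpchnokgfpphh",  # Funmoods
    "cjpglkicenollcignonpgiafdgfeehoj",  # SpeedDial
    "niapdbllcanepiiimjjndipklodoedlc",  # Yontoo
}

# "O2 - BHO: ...", "O2:64bit: - BHO: ..." and "CHR - Extension: ..." share this shape.
OTL_ENTRY = re.compile(r"^(?P<section>O\d+|CHR|FF)(?::64bit:)?\s*-\s*(?P<body>.*)$")
# OTL appends "(Company Name)" from the file's version info, or "()" when there is none.
TRAILING_PUBLISHER = re.compile(r"\(([^()]*)\)\s*$")
# Chrome extension IDs are 32 characters drawn from a-p.
CHROME_EXT_ID = re.compile(r"Extensions\\([a-p]{32})\\")
EMPTY_RUN_NAME = re.compile(r"\\Run: \[\]")

# Constructed sample: lines copied from the posted OTL log (backslashes doubled for Python).
SAMPLE_LINES = [
    "O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\\PROGRA~2\\Funmoods\\1.5.23.22\\bh\\escort.dll File not found",
    "O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\\Program Files (x86)\\Yontoo\\YontooIEClient.dll (Yontoo LLC)",
    "O3 - HKLM\\..\\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\\PROGRA~2\\Funmoods\\1.5.23.22\\escorTlbr.dll File not found",
    "O4 - HKLM..\\Run: [] File not found",
    "O4 - HKCU..\\Run: [] C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe (Samsung)",
    "O4 - HKCU..\\Run: [Steam] C:\\Program Files (x86)\\Steam\\steam.exe (Valve Corporation)",
    "O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()",
    "CHR - Extension: Funmoods = C:\\Users\\J5iscool\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0\\",
    "CHR - Extension: Skype Click to Call = C:\\Users\\J5iscool\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\6.2.0.10687_0\\",
]


def triage_line(line):
    """Return the findings for one OTL line; an empty list means nothing stood out."""
    m = OTL_ENTRY.match(line)
    if m is None:
        return []
    body = m.group("body")
    findings = []
    if body.endswith("File not found"):
        # The registry entry survives but its target is gone: a typical leftover of an
        # incomplete uninstall or a System Restore, and still worth removing.
        findings.append("missing-target")
    if EMPTY_RUN_NAME.search(body):
        # An autorun value with an empty name; legitimate installers almost always name theirs.
        findings.append("empty-name")
    pub = TRAILING_PUBLISHER.search(body)
    if pub is not None and pub.group(1) == "":
        # No company name in the file's version resource.
        findings.append("no-publisher")
    ext = CHROME_EXT_ID.search(body)
    if ext is not None and ext.group(1) in ADWARE_EXTENSION_IDS:
        findings.append("adware-extension-id")
    return findings


def triage(lines):
    """Return [(line_index, findings)] for every line that produced at least one finding."""
    flagged = []
    for i, line in enumerate(lines):
        findings = triage_line(line)
        if findings:
            flagged.append((i, findings))
    return flagged


def summarize(flagged):
    """Count how often each finding occurred across the flagged lines."""
    return Counter(f for _, findings in flagged for f in findings)


if __name__ == "__main__":
    flagged = triage(SAMPLE_LINES)
    for i, findings in flagged:
        print(f"{', '.join(findings):>32}  {SAMPLE_LINES[i][:90]}")
    print(dict(summarize(flagged)))
```

Note that the Yontoo BHO is not flagged by any of the heuristics: its DLL was present and carried a publisher string. It only gets caught because AdwCleaner knows its CLSID and folder, which is why the helper runs a signature-based tool rather than relying on the log alone.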


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo

#3
j5iscool

j5iscool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Gringo, here are my reports.



REPORT 1 SECURITYCHECK


Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




REPORT 2 ADW

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 17:52:01
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : J5iscool - J5ISCOOL-HP
# Boot Mode : Normal
# Running from : C:\Users\J5iscool\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\J5iscool\AppData\Local\funmoods.crx
File Deleted : C:\Users\J5iscool\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\J5iscool\AppData\Local\Temp\Searchqu.ini
Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\J5iscool\AppData\Local\Ilivid Player

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyBzy0A0F0DtA0E0CtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=478637292 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyBzy0A0F0DtA0E0CtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=478637292 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]




File : C:\Users\J5iscool\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.10.1652.0

File : C:\Users\J5iscool\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [10852 octets] - [20/11/2012 17:52:01]

########## EOF - C:\AdwCleaner[S1].txt - [10913 octets] ##########





REPORT 3 ROGUEKILLER


RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : J5iscool [Admin rights]
Mode : Remove -- Date : 11/20/2012 18:03:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST750LM0 22 HN-M750MBB SATA Disk Device +++++
--- User ---
[MBR] 074d136469544c710088bb2943c5acad
[BSP] 8b527aae76900387ddfb149007748dcc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 690000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1413529600 | Size: 21141 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1456826368 | Size: 4062 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] da75923e84e0775014f4eca1f59a1234
[BSP] 8b527aae76900387ddfb149007748dcc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 94207 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 193345536 | Size: 400 Mo

Finished : << RKreport[2]_D_11202012_02d1803.txt >>
RKreport[1]_S_11202012_02d1802.txt ; RKreport[2]_D_11202012_02d1803.txt
  • 0
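The RogueKiller report above prints the MBR partition table in decimal sectors and MiB ("Mo"), while the TDSSKiller log posted later in this thread prints the same table as hex StartLBA/BlocksNum values. As an added example (not part of any post here, and not code from either tool), the following Python normalises both formats to a common representation, checks that the two independent reads of the disk describe the same layout, and flags gaps or overlaps between partitions. The sample lines are copied from the reports in this thread; the regular expressions assume the exact line formats shown there.

```python
"""Cross-check the MBR partition tables printed by RogueKiller and TDSSKiller.

RogueKiller: "0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo"
TDSSKiller:  "... \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800"
Both are normalised to (slot, type byte, start sector, size in MiB) and compared.
"""
import re
from dataclasses import dataclass

SECTOR_BYTES = 512          # both tools report 0x200-byte sectors
MIB = 1024 * 1024


@dataclass(frozen=True)
class Partition:
    index: int          # 0-based slot in the MBR partition table
    type_code: int      # MBR partition type byte (0x07 NTFS, 0x0C FAT32-LBA)
    start_sector: int
    size_mib: int


_RK_RE = re.compile(
    r"^(?P<idx>\d+) - \[[A-Z]+\] \S+ \(0x(?P<type>[0-9A-Fa-f]+)\) \[\w+\] "
    r"Offset \(sectors\): (?P<start>\d+) \| Size: (?P<size>\d+) Mo$"
)
_TK_RE = re.compile(
    r"Partition(?P<idx>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)\s*$"
)

# Sample input copied from the RogueKiller report in this thread.
RK_SAMPLE = """\
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 690000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1413529600 | Size: 21141 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1456826368 | Size: 4062 Mo
"""

# Sample input copied from the TDSSKiller log posted later in this thread.
TK_SAMPLE = r"""
08:41:33.0865 4224 MBR partitions:
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x543A8000
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5440C000, BlocksNum 0x294A800
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x56D56800, BlocksNum 0x7EF000
"""


def parse_roguekiller(text: str) -> list[Partition]:
    """Parse RogueKiller 'Partition table:' lines (decimal sectors, size in MiB)."""
    parts = []
    for line in text.splitlines():
        m = _RK_RE.match(line.strip())
        if m:
            parts.append(Partition(int(m["idx"]), int(m["type"], 16),
                                   int(m["start"]), int(m["size"])))
    return parts


def parse_tdsskiller(text: str) -> list[Partition]:
    """Parse TDSSKiller 'MBR partitions:' lines (hex LBA and block counts, 1-based slots)."""
    parts = []
    for line in text.splitlines():
        m = _TK_RE.search(line)
        if m:
            blocks = int(m["blocks"], 16)
            parts.append(Partition(int(m["idx"]) - 1, int(m["type"], 16),
                                   int(m["start"], 16),
                                   round(blocks * SECTOR_BYTES / MIB)))
    return parts


def compare_layouts(a: list[Partition], b: list[Partition]) -> list[str]:
    """Return human-readable discrepancies; an empty list means both tools agree."""
    problems = []
    if len(a) != len(b):
        problems.append(f"partition count differs: {len(a)} vs {len(b)}")
    by_idx = lambda p: p.index
    for pa, pb in zip(sorted(a, key=by_idx), sorted(b, key=by_idx)):
        if pa != pb:
            problems.append(f"slot {pa.index}: {pa} vs {pb}")
    return problems


def find_gaps_and_overlaps(parts: list[Partition],
                           tolerance: int = MIB // SECTOR_BYTES) -> list[str]:
    """Flag unallocated space between partitions and overlapping entries.

    Sizes come back in whole MiB, so a 1 MiB tolerance absorbs rounding."""
    notes = []
    ordered = sorted(parts, key=lambda p: p.start_sector)
    for prev, cur in zip(ordered, ordered[1:]):
        prev_end = prev.start_sector + prev.size_mib * MIB // SECTOR_BYTES
        if cur.start_sector + tolerance < prev_end:
            notes.append(f"overlap: slot {prev.index} runs past slot {cur.index}")
        elif cur.start_sector > prev_end + tolerance:
            notes.append(f"gap of {cur.start_sector - prev_end} sectors before slot {cur.index}")
    return notes


if __name__ == "__main__":
    rk, tk = parse_roguekiller(RK_SAMPLE), parse_tdsskiller(TK_SAMPLE)
    for p in rk:
        print(p)
    print("discrepancies:", compare_layouts(rk, tk) or "none")
    print("layout notes:", find_gaps_and_overlaps(rk) or "none")
```

For the tables in this thread the two tools agree slot for slot and the four partitions are contiguous with no unallocated space between them. When a tool reports a mismatch between its own read paths, as the RogueKiller "User != LL2 ... KO!" line does here, a second tool's independent read of the table is the natural thing to compare against.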

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
j5iscool

j5iscool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Gringo,

The computer seems fine so far, although I haven't yet tested the problem, which was a Bluescreen crash while watching movies I have on my hard drive. I will test it tonight and see if it crashes.
Thanks, and I will gladly make a donation for your help.

COMBO FIX LOG

ComboFix 12-11-20.02 - J5iscool 11/20/2012 20:13:39.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3645 [GMT -8:00]
Running from: C:\Users\J5iscool\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\SysWow64\muzapp.exe


((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))


2012-11-21 04:28:59 . 2012-11-21 04:28:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-11-19 13:56:16 . 2012-07-26 04:55:47 785512 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2012-11-19 13:56:16 . 2012-07-26 04:55:47 54376 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2012-11-19 13:56:16 . 2012-07-26 04:47:34 2560 ----a-w- C:\Windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 13:56:16 . 2012-07-26 02:36:08 9728 ----a-w- C:\Windows\system32\Wdfres.dll
2012-11-19 13:46:57 . 2012-07-26 02:26:45 87040 ----a-w- C:\Windows\system32\drivers\WUDFPf.sys
2012-11-19 13:46:57 . 2012-07-26 02:26:06 198656 ----a-w- C:\Windows\system32\drivers\WUDFRd.sys
2012-11-19 13:46:55 . 2012-07-26 03:08:53 229888 ----a-w- C:\Windows\system32\WUDFHost.exe
2012-11-19 13:46:55 . 2012-07-26 03:08:14 84992 ----a-w- C:\Windows\system32\WUDFSvc.dll
2012-11-19 13:46:55 . 2012-07-26 03:08:14 744448 ----a-w- C:\Windows\system32\WUDFx.dll
2012-11-19 13:46:55 . 2012-07-26 03:08:14 45056 ----a-w- C:\Windows\system32\WUDFCoinstaller.dll
2012-11-19 13:46:55 . 2012-07-26 03:08:14 194048 ----a-w- C:\Windows\system32\WUDFPlatform.dll
2012-11-18 15:35:57 . 2012-11-18 15:35:57 -------- d-----w- C:\Users\J5iscool\AppData\Roaming\SpeedMaxPc
2012-11-18 15:35:57 . 2012-11-18 15:35:57 -------- d-----w- C:\Users\J5iscool\AppData\Roaming\DriverCure
2012-11-18 15:35:32 . 2012-11-18 15:35:32 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-11-18 15:35:31 . 2012-11-18 15:35:32 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-11-18 15:35:31 . 2012-11-18 15:35:31 -------- d-----w- C:\Program Files (x86)\SpeedMaxPc
2012-11-18 15:35:00 . 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\system32\dhcpcore6.dll
2012-11-18 15:33:42 . 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-18 15:33:42 . 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\system32\synceng.dll
2012-11-03 17:40:23 . 2012-11-03 17:40:23 -------- d-----w- C:\Temp
2012-11-03 17:09:10 . 2012-11-03 17:09:10 -------- d-----w- C:\Users\J5iscool\AppData\Local\Samsung
2012-11-03 17:09:09 . 2012-11-03 17:09:09 -------- d-----w- C:\Users\J5iscool\AppData\Roaming\Samsung
2012-11-03 16:58:35 . 2012-09-20 04:35:36 203104 ----a-w- C:\Windows\system32\drivers\ssudmdm.sys
2012-11-03 16:58:35 . 2012-09-20 04:35:36 102368 ----a-w- C:\Windows\system32\drivers\ssudbus.sys
2012-11-03 16:57:34 . 2012-09-27 03:57:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-11-03 16:57:13 . 2012-11-03 16:57:13 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-11-03 16:57:13 . 2012-09-27 03:57:12 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-11-03 16:56:50 . 2012-11-03 17:06:09 -------- d-----w- C:\ProgramData\Samsung
2012-11-03 16:56:50 . 2012-11-03 16:58:08 -------- d-----w- C:\Program Files (x86)\Samsung
2012-11-03 16:49:38 . 2012-11-03 16:49:38 -------- d-----w- C:\Users\J5iscool\AppData\Local\Downloaded Installations
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-11-19 13:47:40 . 2012-08-20 23:51:41 66395536 ----a-w- C:\Windows\system32\MRT.exe
2012-10-21 05:16:14 . 2012-09-01 12:58:44 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-21 05:16:14 . 2011-11-08 18:21:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 08:44:32 . 2012-10-06 08:45:06 535552 ----a-w- C:\Windows\system32\drivers\stwrt64.sys
2012-10-06 08:44:31 . 2012-10-06 08:45:03 654336 ------w- C:\Windows\system32\stapi64.dll
2012-10-06 08:44:31 . 2012-10-06 08:45:03 448512 ----a-w- C:\Windows\system32\stcplx64.dll
2012-10-06 08:44:31 . 2012-10-06 08:45:03 1987072 ----a-w- C:\Windows\system32\stapo64.dll
2012-10-06 08:44:31 . 2012-07-23 16:58:54 4444672 ----a-w- C:\Windows\system32\stlang64.dll
2012-10-06 08:44:31 . 2012-07-23 16:58:54 1425408 ----a-w- C:\Windows\sttray64.exe
2012-10-06 08:44:31 . 2012-07-23 16:58:15 251904 ----a-w- C:\Windows\system32\staco64.dll
2012-10-06 08:44:30 . 2012-07-23 16:58:55 442368 ----a-w- C:\Windows\system32\AESTEC64.dll
2012-10-06 08:44:30 . 2012-07-23 16:58:55 223744 ----a-w- C:\Windows\system32\HPToneCtrls64.dll
2012-10-06 08:44:30 . 2012-07-23 16:58:54 90624 ----a-w- C:\Windows\system32\AESTCo64.dll
2012-10-06 08:44:30 . 2012-07-23 16:58:54 68608 ----a-w- C:\Windows\system32\AESTAR64.dll
2012-10-06 08:44:30 . 2012-07-23 16:58:54 6344704 ----a-w- C:\Windows\system32\IDTNGUI.exe
2012-10-06 08:44:30 . 2012-07-23 16:58:54 5298688 ----a-w- C:\Windows\system32\IDTNHP.dll
2012-10-06 08:44:30 . 2012-07-23 16:58:54 249344 ----a-w- C:\Windows\system32\IDTNJ.exe
2012-10-06 08:44:30 . 2012-07-23 16:58:54 1819136 ----a-w- C:\Windows\system32\IDTNC64.cpl
2012-10-06 08:44:30 . 2012-07-23 16:58:54 162304 ----a-w- C:\Windows\system32\AESTAC64.dll
2012-10-06 08:44:30 . 2012-07-23 16:58:54 1085440 ----a-w- C:\Windows\system32\IDTNX.dll
2012-10-06 08:43:09 . 2012-07-23 17:01:39 6656 ----a-w- C:\Windows\system32\bcmwlrc.dll
2012-10-06 08:43:09 . 2012-07-23 17:01:38 95544 ----a-w- C:\Windows\system32\bcmwlcoi.dll
2012-10-06 08:43:09 . 2012-07-23 17:01:38 4747840 ----a-w- C:\Windows\system32\drivers\BCMWL664.SYS
2012-10-06 08:43:09 . 2012-07-23 17:01:38 3952640 ----a-w- C:\Windows\system32\bcmihvsrv64.dll
2012-10-06 08:43:09 . 2012-07-23 17:01:38 3617792 ----a-w- C:\Windows\system32\bcmihvui64.dll
2012-09-27 03:57:16 . 2012-09-27 03:57:16 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2012-09-27 03:57:16 . 2012-09-27 03:57:16 330240 ----a-w- C:\Windows\MASetupCaller.dll
2012-09-27 03:57:16 . 2012-09-27 03:57:16 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2012-09-27 03:57:14 . 2012-09-27 03:57:14 974848 ----a-w- C:\Windows\SysWow64\cis-2.4.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 81920 ----a-w- C:\Windows\SysWow64\issacapi_bs-2.3.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 65536 ----a-w- C:\Windows\SysWow64\issacapi_pe-2.3.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 57344 ----a-w- C:\Windows\SysWow64\MTXSYNCICON.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 57344 ----a-w- C:\Windows\SysWow64\MK_Lyric.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 57344 ----a-w- C:\Windows\SysWow64\issacapi_se-2.3.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 569344 ----a-w- C:\Windows\SysWow64\muzdecode.ax
2012-09-27 03:57:14 . 2012-09-27 03:57:14 491520 ----a-w- C:\Windows\SysWow64\muzapp.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 49152 ----a-w- C:\Windows\SysWow64\MaJGUILib.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 45056 ----a-w- C:\Windows\SysWow64\MaXMLProto.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 45056 ----a-w- C:\Windows\SysWow64\MACXMLProto.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 40960 ----a-w- C:\Windows\SysWow64\MTTELECHIP.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 352256 ----a-w- C:\Windows\SysWow64\MSLUR71.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 258048 ----a-w- C:\Windows\SysWow64\muzoggsp.ax
2012-09-27 03:57:14 . 2012-09-27 03:57:14 245760 ----a-w- C:\Windows\SysWow64\MSCLib.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 24576 ----a-w- C:\Windows\SysWow64\MASetupCleaner.exe
2012-09-27 03:57:14 . 2012-09-27 03:57:14 200704 ----a-w- C:\Windows\SysWow64\muzwmts.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 155648 ----a-w- C:\Windows\SysWow64\MSFLib.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 143360 ----a-w- C:\Windows\SysWow64\3DAudio.ax
2012-09-27 03:57:14 . 2012-09-27 03:57:14 135168 ----a-w- C:\Windows\SysWow64\muzaf1.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 131072 ----a-w- C:\Windows\SysWow64\muzmpgsp.ax
2012-09-27 03:57:14 . 2012-09-27 03:57:14 122880 ----a-w- C:\Windows\SysWow64\muzeffect.ax
2012-09-27 03:57:14 . 2012-09-27 03:57:14 118784 ----a-w- C:\Windows\SysWow64\MaDRM.dll
2012-09-27 03:57:14 . 2012-09-27 03:57:14 110592 ----a-w- C:\Windows\SysWow64\muzmp4sp.ax
2012-09-14 19:19:29 . 2012-10-10 00:18:53 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-09-14 18:28:53 . 2012-10-10 00:18:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 . 2012-10-10 00:19:13 1659760 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2012-08-30 18:03:45 . 2012-10-10 00:19:12 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-08-30 17:12:02 . 2012-10-10 00:19:12 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 . 2012-10-10 00:19:12 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 13:46:46 . 2012-08-30 13:46:46 71680 ----a-w- C:\Windows\system32\frapsv64.dll
2012-08-30 13:46:44 . 2012-08-30 13:46:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-08-24 18:05:07 . 2012-10-10 00:18:56 220160 ----a-w- C:\Windows\system32\wintrust.dll
2012-08-24 16:57:48 . 2012-10-10 00:18:56 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" [2012-08-18 21:09:03 1353080]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2012-07-31 03:04:40 20480816]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 16:33:52 966072]
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 16:17:54 580096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 13:53:24 343168]
"HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 03:10:48 169528]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 22:04:44 574008]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 22:48:44 379960]
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 22:37:18 1342008]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 16:33:54 309688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 23:22:16 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 20:13:44 3064000]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 20:28:36 160944]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys [2011-09-21 01:36:50 133672]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\system32\drivers\btwampfl.sys [2011-09-21 01:36:50 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys [2011-09-21 01:36:50 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 01:36:44 39976]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [2012-09-20 04:35:36 102368]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [2012-06-27 04:38:30 46176]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 04:35:36 203104]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-19 16:23:19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 02:10:10 57184]
S0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 10:37:50 79488]
S0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 10:37:50 40064]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-06 08:44:30 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-09-29 02:12:18 204288]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 13:19:38 361984]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 10:58:00 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 01:10:28 86072]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 10:48:14 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 01:55:46 227896]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2011-05-27 18:20:12 30520]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 22:04:44 26680]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 01:12:08 2413056]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 12:52:54 138760]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys [2011-07-16 12:53:54 96896]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 16:18:24 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys [2011-07-16 12:53:54 214144]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 17:04:32 115216]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 23:22:16 240208]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001_5a4\BHDrvx64.sys [2012-11-07 07:54:56 1384608]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 08:00:34 1296728]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 15:38:06 167048]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 16:13:50 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 01:38:28 138912]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121120.001\IDSvia64.sys [2012-11-17 01:09:34 513184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 00:03:34 338536]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 16:11:08 428136]
S3 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-25 18:18:36 451192]
S3 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-28 19:20:02 1084536]
S3 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-25 18:15:52 189560]
S3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-25 18:18:40 401016]


Contents of the 'Scheduled Tasks' folder

2012-11-21 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 12:58:45 . 2012-10-21 05:16:14]

2012-11-19 C:\Windows\Tasks\HPCeeScheduleForJ5iscool.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43:00 . 2011-07-15 12:43:00]

2012-11-21 C:\Windows\Tasks\SpeedMaxPc Registration3.job
- C:\Windows\system32\rundll32.exe [2009-07-13 23:41:43 . 2009-07-14 01:14:31]

2012-11-19 C:\Windows\Tasks\SpeedMaxPc Update3.job
- C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2012-06-26 21:32:26 . 2012-06-26 21:32:26]

2012-11-19 C:\Windows\Tasks\SpeedMaxPc.job
- C:\Program Files (x86)\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2012-11-09 22:39:28 . 2012-11-09 22:39:28]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 18:40:56 43320]
"IntelliType Pro"="c:\Program Files\Microsoft Device Center\itype.exe" [2012-06-27 04:38:30 1464928]
"IntelliPoint"="c:\Program Files\Microsoft Device Center\ipoint.exe" [2012-06-27 04:38:30 2004584]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2012-10-06 08:44:31 1425408]

------- Supplementary Scan -------

uStart Page = hxxp://movies.netflix.com/WiHome
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - C:\Program Files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#7
j5iscool

j5iscool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Gringo,

Thanks for your continued help! And Happy Holiday!

I am running Windows 7 Home Premium on an HP laptop, AMD quad core, with plenty of RAM, although it was refurbished from Fry's when I bought it 6 months ago.
This morning I still had 2 blue screen crashes while trying to watch videos via VLC player.
I was not running any other programs. I just now ran the 2 programs as instructed. Here are the reports:


08:41:32.0492 4224 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:41:33.0256 4224 ============================================================
08:41:33.0256 4224 Current date / time: 2012/11/22 08:41:33.0256
08:41:33.0256 4224 SystemInfo:
08:41:33.0256 4224
08:41:33.0256 4224 OS Version: 6.1.7601 ServicePack: 1.0
08:41:33.0256 4224 Product type: Workstation
08:41:33.0256 4224 ComputerName: J5ISCOOL-HP
08:41:33.0256 4224 UserName: J5iscool
08:41:33.0256 4224 Windows directory: C:\Windows
08:41:33.0256 4224 System windows directory: C:\Windows
08:41:33.0256 4224 Running under WOW64
08:41:33.0256 4224 Processor architecture: Intel x64
08:41:33.0256 4224 Number of processors: 4
08:41:33.0256 4224 Page size: 0x1000
08:41:33.0256 4224 Boot type: Normal boot
08:41:33.0256 4224 ============================================================
08:41:33.0865 4224 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:33.0865 4224 ============================================================
08:41:33.0865 4224 \Device\Harddisk0\DR0:
08:41:33.0865 4224 MBR partitions:
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x543A8000
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5440C000, BlocksNum 0x294A800
08:41:33.0865 4224 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x56D56800, BlocksNum 0x7EF000
08:41:33.0865 4224 ============================================================
08:41:33.0896 4224 C: <-> \Device\Harddisk0\DR0\Partition2
08:41:33.0958 4224 D: <-> \Device\Harddisk0\DR0\Partition3
08:41:33.0958 4224 E: <-> \Device\Harddisk0\DR0\Partition4
08:41:33.0958 4224 ============================================================
08:41:33.0958 4224 Initialize success
08:41:33.0958 4224 ============================================================
08:41:36.0657 5444 ============================================================
08:41:36.0657 5444 Scan started
08:41:36.0657 5444 Mode: Manual;
08:41:36.0657 5444 ============================================================
08:41:37.0718 5444 ================ Scan system memory ========================
08:41:37.0718 5444 System memory - ok
08:41:37.0718 5444 ================ Scan services =============================
08:41:37.0936 5444 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:41:37.0952 5444 1394ohci - ok
08:41:37.0999 5444 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
08:41:37.0999 5444 Accelerometer - ok
08:41:38.0030 5444 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:41:38.0030 5444 ACPI - ok
08:41:38.0061 5444 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:41:38.0061 5444 AcpiPmi - ok
08:41:38.0139 5444 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:41:38.0139 5444 AdobeARMservice - ok
08:41:38.0280 5444 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:41:38.0280 5444 AdobeFlashPlayerUpdateSvc - ok
08:41:38.0326 5444 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:41:38.0342 5444 adp94xx - ok
08:41:38.0389 5444 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:41:38.0404 5444 adpahci - ok
08:41:38.0467 5444 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:41:38.0467 5444 adpu320 - ok
08:41:38.0498 5444 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:41:38.0514 5444 AeLookupSvc - ok
08:41:38.0592 5444 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
08:41:38.0592 5444 AESTFilters - ok
08:41:38.0638 5444 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:41:38.0638 5444 AFD - ok
08:41:38.0685 5444 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:41:38.0685 5444 agp440 - ok
08:41:38.0732 5444 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:41:38.0748 5444 ALG - ok
08:41:38.0794 5444 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:41:38.0794 5444 aliide - ok
08:41:38.0857 5444 [ 850F0C8034225FA3F50D551A905FA503 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:41:38.0872 5444 AMD External Events Utility - ok
08:41:38.0935 5444 AMD FUEL Service - ok
08:41:38.0950 5444 [ F1A84D67A03F7536EBDA9DB426EF0E00 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
08:41:38.0966 5444 amdhub30 - ok
08:41:38.0997 5444 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:41:38.0997 5444 amdide - ok
08:41:39.0028 5444 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
08:41:39.0028 5444 amdiox64 - ok
08:41:39.0091 5444 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:41:39.0091 5444 AmdK8 - ok
08:41:39.0372 5444 [ 7979BF4A66EFDADF3D00A052409609B1 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:41:39.0590 5444 amdkmdag - ok
08:41:39.0637 5444 [ 7D5CDB0161E91951D3DD99E55CEA4D01 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:41:39.0637 5444 amdkmdap - ok
08:41:39.0652 5444 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:41:39.0652 5444 AmdPPM - ok
08:41:39.0699 5444 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:41:39.0715 5444 amdsata - ok
08:41:39.0746 5444 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:41:39.0762 5444 amdsbs - ok
08:41:39.0777 5444 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:41:39.0793 5444 amdxata - ok
08:41:39.0840 5444 [ D8C25FF90E2E8FC7CBE26E2203EC4757 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
08:41:39.0855 5444 amdxhc - ok
08:41:39.0871 5444 [ F9D46B6B322708BD5AFCC8767EBDC901 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
08:41:39.0886 5444 amd_sata - ok
08:41:39.0902 5444 [ 329CC9C7E20DEEBCD4CD10816193EF14 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
08:41:39.0918 5444 amd_xata - ok
08:41:39.0949 5444 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:41:39.0949 5444 AppID - ok
08:41:39.0980 5444 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:41:39.0980 5444 AppIDSvc - ok
08:41:40.0011 5444 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:41:40.0011 5444 Appinfo - ok
08:41:40.0089 5444 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
08:41:40.0089 5444 arc - ok
08:41:40.0120 5444 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:41:40.0120 5444 arcsas - ok
08:41:40.0245 5444 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:41:40.0245 5444 aspnet_state - ok
08:41:40.0292 5444 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:41:40.0308 5444 AsyncMac - ok
08:41:40.0339 5444 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:41:40.0339 5444 atapi - ok
08:41:40.0417 5444 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
08:41:40.0432 5444 AtiHDAudioService - ok
08:41:40.0479 5444 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:41:40.0495 5444 AudioEndpointBuilder - ok
08:41:40.0526 5444 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:41:40.0526 5444 AudioSrv - ok
08:41:40.0573 5444 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:41:40.0573 5444 AxInstSV - ok
08:41:40.0651 5444 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:41:40.0651 5444 b06bdrv - ok
08:41:40.0698 5444 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:41:40.0713 5444 b57nd60a - ok
08:41:40.0791 5444 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
08:41:40.0807 5444 BBSvc - ok
08:41:40.0838 5444 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
08:41:40.0854 5444 BBUpdate - ok
08:41:40.0932 5444 [ 09A19C806110CE839111850EC27E65F5 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
08:41:40.0947 5444 bcbtums - ok
08:41:41.0119 5444 [ D41E6CCB9752F551049D2E0C437DD03D ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
08:41:41.0134 5444 BCM43XX - ok
08:41:41.0181 5444 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:41:41.0197 5444 BDESVC - ok
08:41:41.0244 5444 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:41:41.0259 5444 Beep - ok
08:41:41.0306 5444 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:41:41.0306 5444 BFE - ok
08:41:41.0493 5444 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001_5a4\BHDrvx64.sys
08:41:41.0509 5444 BHDrvx64 - ok
08:41:41.0556 5444 BITCOMET_HELPER_SERVICE - ok
08:41:41.0618 5444 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
08:41:41.0634 5444 BITS - ok
08:41:41.0665 5444 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
08:41:41.0665 5444 blbdrive - ok
08:41:41.0696 5444 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:41:41.0696 5444 bowser - ok
08:41:41.0712 5444 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:41:41.0727 5444 BrFiltLo - ok
08:41:41.0743 5444 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:41:41.0743 5444 BrFiltUp - ok
08:41:41.0790 5444 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:41:41.0805 5444 BridgeMP - ok
08:41:41.0852 5444 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:41:41.0852 5444 Browser - ok
08:41:41.0883 5444 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:41:41.0883 5444 Brserid - ok
08:41:41.0914 5444 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:41:41.0930 5444 BrSerWdm - ok
08:41:41.0961 5444 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:41:41.0961 5444 BrUsbMdm - ok
08:41:41.0977 5444 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:41:41.0977 5444 BrUsbSer - ok
08:41:42.0008 5444 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
08:41:42.0039 5444 BthEnum - ok
08:41:42.0055 5444 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:41:42.0070 5444 BTHMODEM - ok
08:41:42.0086 5444 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
08:41:42.0102 5444 BthPan - ok
08:41:42.0133 5444 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
08:41:42.0148 5444 BTHPORT - ok
08:41:42.0180 5444 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:41:42.0180 5444 bthserv - ok
08:41:42.0211 5444 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
08:41:42.0211 5444 BTHUSB - ok
08:41:42.0242 5444 [ 0E78584D5FACA0509DFA97BD8B635075 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
08:41:42.0273 5444 btwampfl - ok
08:41:42.0273 5444 [ 409C4117E6027672EF41E68ACE1468AD ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
08:41:42.0289 5444 btwaudio - ok
08:41:42.0304 5444 [ 8CA7CABD13316ABACE386D9F380B4CF3 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
08:41:42.0336 5444 btwavdt - ok
08:41:42.0398 5444 [ 1249EDE2280F9A1564C946AFDDCD59D5 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
08:41:42.0429 5444 btwdins - ok
08:41:42.0460 5444 [ 41933521A618475644B6E8D8487AF326 ] BTWDPAN C:\Windows\system32\DRIVERS\btwdpan.sys
08:41:42.0476 5444 BTWDPAN - ok
08:41:42.0507 5444 [ B9354F9F111C64F2495B60F1E24CB453 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
08:41:42.0523 5444 btwl2cap - ok
08:41:42.0554 5444 [ 71A04F2D9DEB21B162561EB574D7D629 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
08:41:42.0554 5444 btwrchid - ok
08:41:42.0616 5444 catchme - ok
08:41:42.0679 5444 [ A8AD33C9DD88C810CAC00ACC7F4329FB ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys
08:41:42.0679 5444 ccSet_NIS - ok
08:41:42.0694 5444 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:41:42.0694 5444 cdfs - ok
08:41:42.0741 5444 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:41:42.0741 5444 cdrom - ok
08:41:42.0788 5444 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:41:42.0788 5444 CertPropSvc - ok
08:41:42.0819 5444 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:41:42.0835 5444 circlass - ok
08:41:42.0850 5444 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:41:42.0866 5444 CLFS - ok
08:41:42.0928 5444 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:41:42.0928 5444 clr_optimization_v2.0.50727_32 - ok
08:41:42.0960 5444 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:41:42.0991 5444 clr_optimization_v2.0.50727_64 - ok
08:41:43.0069 5444 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:41:43.0069 5444 clr_optimization_v4.0.30319_32 - ok
08:41:43.0100 5444 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:41:43.0116 5444 clr_optimization_v4.0.30319_64 - ok
08:41:43.0162 5444 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
08:41:43.0162 5444 clwvd - ok
08:41:43.0209 5444 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
08:41:43.0225 5444 CmBatt - ok
08:41:43.0256 5444 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:41:43.0256 5444 cmdide - ok
08:41:43.0303 5444 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:41:43.0318 5444 CNG - ok
08:41:43.0350 5444 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:41:43.0350 5444 Compbatt - ok
08:41:43.0396 5444 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:41:43.0396 5444 CompositeBus - ok
08:41:43.0412 5444 COMSysApp - ok
08:41:43.0428 5444 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:41:43.0443 5444 crcdisk - ok
08:41:43.0474 5444 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:41:43.0474 5444 CryptSvc - ok
08:41:43.0537 5444 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:41:43.0552 5444 DcomLaunch - ok
08:41:43.0584 5444 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:41:43.0599 5444 defragsvc - ok
08:41:43.0615 5444 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:41:43.0615 5444 DfsC - ok
08:41:43.0662 5444 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
08:41:43.0677 5444 dg_ssudbus - ok
08:41:43.0708 5444 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:41:43.0708 5444 Dhcp - ok
08:41:43.0755 5444 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:41:43.0755 5444 discache - ok
08:41:43.0786 5444 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:41:43.0802 5444 Disk - ok
08:41:43.0833 5444 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:41:43.0849 5444 Dnscache - ok
08:41:43.0864 5444 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:41:43.0896 5444 dot3svc - ok
08:41:43.0911 5444 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:41:43.0911 5444 DPS - ok
08:41:43.0942 5444 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:41:43.0942 5444 drmkaud - ok
08:41:43.0989 5444 [ A4F408AD1065C7AD2ED332C68025B435 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:41:44.0005 5444 DXGKrnl - ok
08:41:44.0036 5444 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:41:44.0052 5444 EapHost - ok
08:41:44.0161 5444 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:41:44.0270 5444 ebdrv - ok
08:41:44.0348 5444 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:41:44.0379 5444 eeCtrl - ok
08:41:44.0410 5444 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:41:44.0410 5444 EFS - ok
08:41:44.0473 5444 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:41:44.0504 5444 ehRecvr - ok
08:41:44.0535 5444 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:41:44.0551 5444 ehSched - ok
08:41:44.0598 5444 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:41:44.0613 5444 elxstor - ok
08:41:44.0691 5444 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:41:44.0707 5444 EraserUtilRebootDrv - ok
08:41:44.0722 5444 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:41:44.0738 5444 ErrDev - ok
08:41:44.0785 5444 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:41:44.0800 5444 EventSystem - ok
08:41:44.0832 5444 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:41:44.0832 5444 exfat - ok
08:41:44.0863 5444 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:41:44.0863 5444 fastfat - ok
08:41:44.0910 5444 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:41:44.0941 5444 Fax - ok
08:41:44.0956 5444 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:41:44.0972 5444 fdc - ok
08:41:45.0019 5444 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:41:45.0019 5444 fdPHost - ok
08:41:45.0050 5444 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:41:45.0066 5444 FDResPub - ok
08:41:45.0112 5444 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:41:45.0112 5444 FileInfo - ok
08:41:45.0128 5444 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:41:45.0144 5444 Filetrace - ok
08:41:45.0175 5444 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:41:45.0175 5444 flpydisk - ok
08:41:45.0190 5444 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:41:45.0206 5444 FltMgr - ok
08:41:45.0253 5444 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:41:45.0268 5444 FontCache - ok
08:41:45.0315 5444 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:41:45.0315 5444 FontCache3.0.0.0 - ok
08:41:45.0362 5444 [ F80BDC0D9E7B9595E74B434446AD3781 ] FPLService C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
08:41:45.0378 5444 FPLService - ok
08:41:45.0409 5444 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:41:45.0409 5444 FsDepends - ok
08:41:45.0440 5444 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:41:45.0440 5444 Fs_Rec - ok
08:41:45.0487 5444 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:41:45.0502 5444 fvevol - ok
08:41:45.0549 5444 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:41:45.0565 5444 gagp30kx - ok
08:41:45.0643 5444 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:41:45.0658 5444 GamesAppService - ok
08:41:45.0705 5444 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:41:45.0721 5444 gpsvc - ok
08:41:45.0768 5444 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:41:45.0768 5444 hcw85cir - ok
08:41:45.0799 5444 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:41:45.0799 5444 HdAudAddService - ok
08:41:45.0830 5444 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:41:45.0830 5444 HDAudBus - ok
08:41:45.0861 5444 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:41:45.0861 5444 HidBatt - ok
08:41:45.0892 5444 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:41:45.0892 5444 HidBth - ok
08:41:45.0924 5444 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:41:45.0924 5444 HidIr - ok
08:41:45.0970 5444 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
08:41:45.0970 5444 hidserv - ok
08:41:46.0002 5444 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:41:46.0002 5444 HidUsb - ok
08:41:46.0033 5444 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:41:46.0033 5444 hkmsvc - ok
08:41:46.0064 5444 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:41:46.0080 5444 HomeGroupListener - ok
08:41:46.0111 5444 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:41:46.0126 5444 HomeGroupProvider - ok
08:41:46.0204 5444 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
08:41:46.0204 5444 HP Support Assistant Service - ok
08:41:46.0251 5444 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
08:41:46.0267 5444 HPClientSvc - ok
08:41:46.0314 5444 [ E6AB9E7FF923928E9F549FDDFCEDB28A ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
08:41:46.0329 5444 HPDrvMntSvc.exe - ok
08:41:46.0360 5444 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
08:41:46.0376 5444 hpdskflt - ok
08:41:46.0423 5444 [ DBDC0581D4506C13E6BEF48D14B1C55B ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
08:41:46.0438 5444 hpqwmiex - ok
08:41:46.0454 5444 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:41:46.0454 5444 HpSAMD - ok
08:41:46.0485 5444 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
08:41:46.0485 5444 hpsrv - ok
08:41:46.0548 5444 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
08:41:46.0563 5444 HPWMISVC - ok
08:41:46.0610 5444 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:41:46.0626 5444 HTTP - ok
08:41:46.0657 5444 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:41:46.0672 5444 hwpolicy - ok
08:41:46.0704 5444 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:41:46.0704 5444 i8042prt - ok
08:41:46.0750 5444 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:41:46.0750 5444 iaStorV - ok
08:41:46.0875 5444 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
08:41:46.0906 5444 IconMan_R - ok
08:41:46.0953 5444 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:41:46.0969 5444 idsvc - ok
08:41:47.0047 5444 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121121.001\IDSvia64.sys
08:41:47.0047 5444 IDSVia64 - ok
08:41:47.0094 5444 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:41:47.0094 5444 iirsp - ok
08:41:47.0156 5444 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:41:47.0172 5444 IKEEXT - ok
08:41:47.0203 5444 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:41:47.0203 5444 intelide - ok
08:41:47.0234 5444 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
08:41:47.0234 5444 intelppm - ok
08:41:47.0265 5444 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:41:47.0281 5444 IPBusEnum - ok
08:41:47.0312 5444 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:41:47.0312 5444 IpFilterDriver - ok
08:41:47.0390 5444 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:41:47.0406 5444 iphlpsvc - ok
08:41:47.0421 5444 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:41:47.0437 5444 IPMIDRV - ok
08:41:47.0452 5444 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:41:47.0468 5444 IPNAT - ok
08:41:47.0499 5444 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:41:47.0499 5444 IRENUM - ok
08:41:47.0515 5444 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:41:47.0515 5444 isapnp - ok
08:41:47.0546 5444 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:41:47.0546 5444 iScsiPrt - ok
08:41:47.0562 5444 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:41:47.0562 5444 kbdclass - ok
08:41:47.0593 5444 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:41:47.0608 5444 kbdhid - ok
08:41:47.0640 5444 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:41:47.0640 5444 KeyIso - ok
08:41:47.0655 5444 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:41:47.0671 5444 KSecDD - ok
08:41:47.0686 5444 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:41:47.0702 5444 KSecPkg - ok
08:41:47.0718 5444 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:41:47.0733 5444 ksthunk - ok
08:41:47.0764 5444 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:41:47.0780 5444 KtmRm - ok
08:41:47.0811 5444 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:41:47.0827 5444 LanmanServer - ok
08:41:47.0858 5444 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:41:47.0874 5444 LanmanWorkstation - ok
08:41:47.0905 5444 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:41:47.0920 5444 lltdio - ok
08:41:47.0952 5444 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:41:47.0967 5444 lltdsvc - ok
08:41:47.0998 5444 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:41:48.0014 5444 lmhosts - ok
08:41:48.0045 5444 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:41:48.0045 5444 LSI_FC - ok
08:41:48.0092 5444 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:41:48.0092 5444 LSI_SAS - ok
08:41:48.0108 5444 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:41:48.0108 5444 LSI_SAS2 - ok
08:41:48.0139 5444 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:41:48.0139 5444 LSI_SCSI - ok
08:41:48.0154 5444 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:41:48.0154 5444 luafv - ok
08:41:48.0186 5444 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:41:48.0201 5444 Mcx2Svc - ok
08:41:48.0217 5444 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:41:48.0217 5444 megasas - ok
08:41:48.0264 5444 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:41:48.0264 5444 MegaSR - ok
08:41:48.0295 5444 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:41:48.0295 5444 MMCSS - ok
08:41:58.0934 5444 ============================================================
08:41:58.0934 5444 Scan finished
08:41:58.0934 5444 ============================================================
08:41:58.0950 5920 Detected object count: 0
08:41:58.0950 5920 Actual detected object count: 0
08:42:26.0671 1320 Deinitialize success
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-22 08:44:07
-----------------------------
08:44:07.219 OS Version: Windows x64 6.1.7601 Service Pack 1
08:44:07.219 Number of processors: 4 586 0x100
08:44:07.219 ComputerName: J5ISCOOL-HP UserName: J5iscool
08:44:08.587 Initialize success
08:45:41.546 AVAST engine defs: 12112200
08:46:11.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
08:46:11.881 Disk 0 Vendor: ST750LM0 2AR1 Size: 715404MB BusType: 11
08:46:11.901 Disk 0 MBR read successfully
08:46:11.901 Disk 0 MBR scan
08:46:11.901 Disk 0 Windows 7 default MBR code
08:46:11.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:46:11.931 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690000 MB offset 409600
08:46:11.963 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21141 MB offset 1413529600
08:46:11.983 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
08:46:12.026 Disk 0 scanning C:\Windows\system32\drivers
08:46:23.063 Service scanning
08:46:47.118 Modules scanning
08:46:47.118 Disk 0 trace - called modules:
08:46:47.138 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
08:46:47.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e60060]
08:46:47.148 3 CLASSPNP.SYS[fffff8800196843f] -> nt!IofCallDriver -> [0xfffffa8005b19950]
08:46:47.158 5 hpdskflt.sys[fffff8800190f189] -> nt!IofCallDriver -> [0xfffffa800595d040]
08:46:47.158 7 amd_xata.sys[fffff8800109ca1d] -> nt!IofCallDriver -> [0xfffffa8005961410]
08:46:47.168 9 ACPI.sys[fffff88000fb07a1] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8005960060]
08:46:48.766 AVAST engine scan C:\Windows
08:46:52.781 AVAST engine scan C:\Windows\system32
08:50:35.265 AVAST engine scan C:\Windows\system32\drivers
08:51:13.937 AVAST engine scan C:\Users\J5iscool
08:55:55.362 AVAST engine scan C:\ProgramData
08:57:05.827 Scan finished successfully
08:57:17.028 Disk 0 MBR has been saved successfully to "C:\Users\J5iscool\Desktop\MBR.dat"
08:57:17.028 The log file has been saved successfully to "C:\Users\J5iscool\Desktop\aswMBR.txt"
Thanks again for your help.
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#9
j5iscool

j5iscool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Gringo,

Computer is still having the same issue of bluescreen crash while watching hi-def videos on VLC (bluescreen mentioned memory_Storage) after running your last instructions. Here is the log.

ComboFix 12-11-22.03 - J5iscool 11/22/2012 10:38:06.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3511 [GMT -8:00]
Running from: c:\users\J5iscool\Desktop\Scans and malware\ComboFix.exe
Command switches used :: c:\users\J5iscool\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
.
---- Previous Run -------
.
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 18:53 . 2012-11-22 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 17:43 . 2012-11-22 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-22 17:43 . 2012-11-22 17:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-22 17:43 . 2012-11-22 17:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-22 17:43 . 2012-11-22 17:42 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-22 17:42 . 2012-11-22 17:42 -------- d-----w- c:\program files (x86)\Java
2012-11-22 17:40 . 2012-11-22 17:40 -------- d-----w- c:\programdata\McAfee
2012-11-21 06:39 . 2012-11-21 06:39 -------- d-----w- c:\program files (x86)\MyFree Codec
2012-11-19 13:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 13:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 13:56 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 13:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 13:46 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 13:46 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 13:46 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 13:46 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 13:46 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 13:46 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 13:46 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\users\J5iscool\AppData\Roaming\SpeedMaxPc
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\users\J5iscool\AppData\Roaming\DriverCure
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\program files (x86)\Common Files\SpeedMaxPc
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\programdata\SpeedMaxPc
2012-11-18 15:35 . 2012-11-18 15:35 -------- d-----w- c:\program files (x86)\SpeedMaxPc
2012-11-18 15:35 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-18 15:33 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-18 15:33 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-03 17:40 . 2012-11-03 17:40 -------- d-----w- C:\Temp
2012-11-03 17:09 . 2012-11-03 17:09 -------- d-----w- c:\users\J5iscool\AppData\Local\Samsung
2012-11-03 17:09 . 2012-11-21 06:35 -------- d-----w- c:\users\J5iscool\AppData\Roaming\Samsung
2012-11-03 16:58 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-11-03 16:58 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-11-03 16:57 . 2012-09-27 03:57 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-11-03 16:57 . 2012-11-03 16:57 -------- d-----w- c:\program files (x86)\MarkAny
2012-11-03 16:57 . 2012-09-27 03:57 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-11-03 16:56 . 2012-11-03 17:06 -------- d-----w- c:\programdata\Samsung
2012-11-03 16:56 . 2012-11-03 16:58 -------- d-----w- c:\program files (x86)\Samsung
2012-11-03 16:49 . 2012-11-03 16:49 -------- d-----w- c:\users\J5iscool\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 13:47 . 2012-08-20 23:51 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-21 05:16 . 2012-09-01 12:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-21 05:16 . 2011-11-08 18:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 08:44 . 2012-10-06 08:45 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-10-06 08:44 . 2012-10-06 08:45 654336 ------w- c:\windows\system32\stapi64.dll
2012-10-06 08:44 . 2012-10-06 08:45 448512 ----a-w- c:\windows\system32\stcplx64.dll
2012-10-06 08:44 . 2012-10-06 08:45 1987072 ----a-w- c:\windows\system32\stapo64.dll
2012-10-06 08:44 . 2012-07-23 16:58 4444672 ----a-w- c:\windows\system32\stlang64.dll
2012-10-06 08:44 . 2012-07-23 16:58 1425408 ----a-w- c:\windows\sttray64.exe
2012-10-06 08:44 . 2012-07-23 16:58 251904 ----a-w- c:\windows\system32\staco64.dll
2012-10-06 08:44 . 2012-07-23 16:58 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-10-06 08:44 . 2012-07-23 16:58 223744 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-10-06 08:44 . 2012-07-23 16:58 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2012-10-06 08:44 . 2012-07-23 16:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-10-06 08:44 . 2012-07-23 16:58 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-10-06 08:44 . 2012-07-23 16:58 5298688 ----a-w- c:\windows\system32\IDTNHP.dll
2012-10-06 08:44 . 2012-07-23 16:58 249344 ----a-w- c:\windows\system32\IDTNJ.exe
2012-10-06 08:44 . 2012-07-23 16:58 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-10-06 08:44 . 2012-07-23 16:58 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-10-06 08:44 . 2012-07-23 16:58 1085440 ----a-w- c:\windows\system32\IDTNX.dll
2012-10-06 08:43 . 2012-07-23 17:01 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-10-06 08:43 . 2012-07-23 17:01 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-10-06 08:43 . 2012-07-23 17:01 4747840 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-10-06 08:43 . 2012-07-23 17:01 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-10-06 08:43 . 2012-07-23 17:01 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-09-27 03:57 . 2012-09-27 03:57 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-09-27 03:57 . 2012-09-27 03:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-27 03:57 . 2012-09-27 03:57 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-09-27 03:57 . 2012-09-27 03:57 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-09-27 03:57 . 2012-09-27 03:57 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-09-27 03:57 . 2012-09-27 03:57 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-09-27 03:57 . 2012-09-27 03:57 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-09-27 03:57 . 2012-09-27 03:57 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-09-27 03:57 . 2012-09-27 03:57 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-09-27 03:57 . 2012-09-27 03:57 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-09-27 03:57 . 2012-09-27 03:57 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-09-27 03:57 . 2012-09-27 03:57 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-09-27 03:57 . 2012-09-27 03:57 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-09-27 03:57 . 2012-09-27 03:57 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-09-27 03:57 . 2012-09-27 03:57 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-09-27 03:57 . 2012-09-27 03:57 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-09-27 03:57 . 2012-09-27 03:57 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-09-27 03:57 . 2012-09-27 03:57 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-09-27 03:57 . 2012-09-27 03:57 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-09-27 03:57 . 2012-09-27 03:57 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-09-27 03:57 . 2012-09-27 03:57 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-09-27 03:57 . 2012-09-27 03:57 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-09-27 03:57 . 2012-09-27 03:57 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-09-27 03:57 . 2012-09-27 03:57 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-09-27 03:57 . 2012-09-27 03:57 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-09-27 03:57 . 2012-09-27 03:57 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-09-27 03:57 . 2012-09-27 03:57 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-09-27 03:57 . 2012-09-27 03:57 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-09-14 19:19 . 2012-10-10 00:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 00:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 00:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 00:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 00:19 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 00:19 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 13:46 . 2012-08-30 13:46 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-30 13:46 . 2012-08-30 13:46 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-11-12 968120]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-11-01 577536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-11-12 309688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-21 133672]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-21 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-10-06 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001_5a4\BHDrvx64.sys [2012-11-07 1384608]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 167048]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121121.001\IDSvia64.sys [2012-11-17 513184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-25 451192]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-28 1084536]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-25 189560]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-25 401016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 99215133
*NewlyCreated* - ASWMBR
*Deregistered* - 99215133
*Deregistered* - aswMBR
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
msiexec [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 05:16]
.
2012-11-19 c:\windows\Tasks\HPCeeScheduleForJ5iscool.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-11-22 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-11-19 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2012-06-26 21:32]
.
2012-11-21 c:\windows\Tasks\SpeedMaxPc.job
- c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2012-11-09 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-06 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://movies.netflix.com/WiHome
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-22 11:24:05
ComboFix-quarantined-files.txt 2012-11-22 19:23
.
Pre-Run: 543,039,651,840 bytes free
Post-Run: 542,769,569,792 bytes free
.
- - End Of File - - 20B83021F9529762081879A845EDAAA0
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Have you tried to reinstall the program that you are using to watch the movies?


gringo
  • 0

#11
j5iscool

j5iscool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Gringo,

I reinstalled VLC as you suggested, but before that I got a bluescreen crash when I was simply checking my Gmail on the Opera web browser today. I may have been running a few other programs simultaneously when it crashed.

Bluescreen crash again mentioned memory_management.

Thanks for your continued interest and help. It is a most frustrating issue.

-J5
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
