Thread: The infection prevents me from running aswMBR

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning,

    It's still there. Actually, outside of this problem your log does not look too bad.


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)




    Post the log from TDSSKiller and then run a new scan with OTL and post a new log please; there won't be any extras log on the second run, so don't worry about it.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Mar 2013
    Posts
    47

    Hello, One of two logs.

    20:52:28.0261 7636 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    20:52:30.0274 7636 ============================================================
    20:52:30.0274 7636 Current date / time: 2013/04/14 20:52:30.0274
    20:52:30.0274 7636 SystemInfo:
    20:52:30.0274 7636
    20:52:30.0274 7636 OS Version: 6.1.7601 ServicePack: 1.0
    20:52:30.0274 7636 Product type: Workstation
    20:52:30.0274 7636 ComputerName: ALEXIS-HP
    20:52:30.0274 7636 UserName: ALEXIS
    20:52:30.0274 7636 Windows directory: C:\Windows
    20:52:30.0274 7636 System windows directory: C:\Windows
    20:52:30.0274 7636 Running under WOW64
    20:52:30.0274 7636 Processor architecture: Intel x64
    20:52:30.0274 7636 Number of processors: 2
    20:52:30.0274 7636 Page size: 0x1000
    20:52:30.0274 7636 Boot type: Normal boot
    20:52:30.0274 7636 ============================================================
    20:52:37.0044 7636 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:52:37.0075 7636 ============================================================
    20:52:37.0075 7636 \Device\Harddisk0\DR0:
    20:52:37.0107 7636 MBR partitions:
    20:52:37.0107 7636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    20:52:37.0107 7636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x237A8000
    20:52:37.0107 7636 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2380C000, BlocksNum 0x1BEE800
    20:52:37.0107 7636 ============================================================
    20:52:37.0325 7636 C: <-> \Device\Harddisk0\DR0\Partition2
    20:52:37.0543 7636 D: <-> \Device\Harddisk0\DR0\Partition3
    20:52:37.0871 7636 ============================================================
    20:52:37.0871 7636 Initialize success
    20:52:37.0871 7636 ============================================================
    20:53:04.0625 3732 ============================================================
    20:53:04.0625 3732 Scan started
    20:53:04.0625 3732 Mode: Manual;
    20:53:04.0625 3732 ============================================================
    20:53:47.0432 3732 ================ Scan system memory ========================
    20:53:47.0432 3732 System memory - ok
    20:56:05.0086 3732 msisadrv - ok
    20:56:05.0211 3732 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:56:05.0227 3732 MSiSCSI - ok
    20:56:05.0227 3732 msiserver - ok
    20:56:05.0305 3732 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:56:05.0320 3732 MSKSSRV - ok
    20:56:05.0336 3732 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:56:05.0336 3732 MSPCLOCK - ok
    20:56:05.0351 3732 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:56:05.0351 3732 MSPQM - ok
    20:56:05.0492 3732 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:56:05.0507 3732 MsRPC - ok
    20:56:05.0554 3732 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    20:56:05.0554 3732 mssmbios - ok
    20:56:05.0617 3732 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:56:05.0632 3732 MSTEE - ok
    20:56:05.0695 3732 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:56:05.0695 3732 MTConfig - ok
    20:56:05.0741 3732 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:56:05.0757 3732 Mup - ok
    20:56:05.0882 3732 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    20:56:05.0897 3732 napagent - ok
    20:56:06.0100 3732 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:56:06.0147 3732 NativeWifiP - ok
    20:56:06.0599 3732 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\ENG64.SYS
    20:56:06.0599 3732 NAVENG - ok
    20:56:06.0927 3732 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130413.016\EX64.SYS
    20:56:07.0223 3732 NAVEX15 - ok
    20:56:07.0473 3732 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:56:07.0473 3732 NDIS - ok
    20:56:07.0613 3732 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:56:07.0613 3732 NdisCap - ok
    20:56:07.0769 3732 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:56:07.0801 3732 NdisTapi - ok
    20:56:08.0144 3732 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:56:08.0175 3732 Ndisuio - ok
    20:56:08.0315 3732 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:56:08.0331 3732 NdisWan - ok
    20:56:08.0378 3732 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:56:08.0393 3732 NDProxy - ok
    20:56:08.0518 3732 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:56:08.0518 3732 NetBIOS - ok
    20:56:08.0596 3732 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:56:08.0612 3732 NetBT - ok
    20:56:08.0690 3732 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    20:56:08.0705 3732 Netlogon - ok
    20:56:08.0893 3732 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    20:56:08.0908 3732 Netman - ok
    20:56:09.0080 3732 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    20:56:09.0095 3732 netprofm - ok
    20:56:09.0236 3732 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:56:09.0267 3732 NetTcpPortSharing - ok
    20:56:10.0936 3732 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    20:56:11.0108 3732 netw5v64 - ok
    20:56:11.0186 3732 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    20:56:11.0201 3732 nfrd960 - ok
    20:56:11.0560 3732 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
    20:56:11.0576 3732 NIS - ok
    20:56:11.0716 3732 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:56:11.0716 3732 NlaSvc - ok
    20:56:11.0794 3732 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:56:11.0825 3732 Npfs - ok
    20:56:11.0903 3732 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    20:56:11.0919 3732 nsi - ok
    20:56:11.0935 3732 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:56:11.0935 3732 nsiproxy - ok
    20:56:12.0434 3732 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:56:12.0637 3732 Ntfs - ok
    20:56:13.0183 3732 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    20:56:13.0183 3732 Null - ok
    20:56:13.0370 3732 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:56:13.0385 3732 nvraid - ok
    20:56:13.0619 3732 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:56:13.0697 3732 nvstor - ok
    20:56:13.0885 3732 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:56:13.0885 3732 nv_agp - ok
    20:56:14.0072 3732 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    20:56:14.0072 3732 ohci1394 - ok
    20:56:14.0275 3732 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:56:14.0290 3732 ose - ok
    20:56:15.0616 3732 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    20:56:16.0006 3732 osppsvc - ok
    20:56:16.0225 3732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    20:56:16.0225 3732 p2pimsvc - ok
    20:56:16.0365 3732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:56:16.0381 3732 p2psvc - ok
    20:56:16.0443 3732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    20:56:16.0474 3732 Parport - ok
    20:56:16.0505 3732 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:56:16.0505 3732 partmgr - ok
    20:56:16.0568 3732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:56:16.0568 3732 PcaSvc - ok
    20:56:16.0677 3732 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    20:56:16.0693 3732 pci - ok
    20:56:16.0786 3732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    20:56:16.0802 3732 pciide - ok
    20:56:16.0911 3732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    20:56:16.0927 3732 pcmcia - ok
    20:56:17.0020 3732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    20:56:17.0051 3732 pcw - ok
    20:56:17.0176 3732 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:56:17.0207 3732 PEAUTH - ok
    20:56:18.0315 3732 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    20:56:18.0331 3732 PerfHost - ok
    20:56:19.0563 3732 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    20:56:19.0875 3732 pla - ok
    20:56:20.0499 3732 [ 25FBDEF06C4D92815B353F6E792C8129 ]



    Second half on its way.

  3. #13
    Member
    Join Date
    Mar 2013
    Posts
    47

    Two of two.


    PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:56:20.0655 3732 PlugPlay - ok
    20:56:20.0873 3732 [ 8AC5649C9070674D4607301C180AB10B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
    20:56:20.0889 3732 pneteth - ok
    20:56:21.0029 3732 [ 06841F5CD8410B6BDC0B5A631B8F8787 ] pnetmdm C:\Windows\system32\DRIVERS\pnetmdm64.sys
    20:56:21.0045 3732 pnetmdm - ok
    20:56:21.0170 3732 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    20:56:21.0201 3732 PNRPAutoReg - ok
    20:56:21.0310 3732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    20:56:21.0341 3732 PNRPsvc - ok
    20:56:21.0716 3732 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:56:21.0763 3732 PolicyAgent - ok
    20:56:21.0919 3732 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    20:56:21.0950 3732 Power - ok
    20:56:22.0231 3732 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:56:22.0262 3732 PptpMiniport - ok
    20:56:22.0340 3732 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    20:56:22.0340 3732 Processor - ok
    20:56:22.0449 3732 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    20:56:22.0465 3732 ProfSvc - ok
    20:56:22.0511 3732 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:56:22.0511 3732 ProtectedStorage - ok
    20:56:22.0605 3732 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    20:56:22.0621 3732 Psched - ok
    20:56:22.0730 3732 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    20:56:22.0777 3732 ql2300 - ok
    20:56:22.0839 3732 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    20:56:22.0855 3732 ql40xx - ok
    20:56:22.0964 3732 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    20:56:22.0979 3732 QWAVE - ok
    20:56:23.0057 3732 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:56:23.0057 3732 QWAVEdrv - ok
    20:56:23.0089 3732 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:56:23.0089 3732 RasAcd - ok
    20:56:23.0182 3732 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:56:23.0182 3732 RasAgileVpn - ok
    20:56:23.0213 3732 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    20:56:23.0229 3732 RasAuto - ok
    20:56:23.0276 3732 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:56:23.0307 3732 Rasl2tp - ok
    20:56:23.0463 3732 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    20:56:23.0463 3732 RasMan - ok
    20:56:23.0510 3732 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:56:23.0619 3732 RasPppoe - ok
    20:56:23.0728 3732 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:56:23.0744 3732 RasSstp - ok
    20:56:23.0853 3732 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:56:23.0853 3732 rdbss - ok
    20:56:23.0931 3732 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    20:56:23.0947 3732 rdpbus - ok
    20:56:23.0978 3732 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:56:23.0978 3732 RDPCDD - ok
    20:56:24.0025 3732 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:56:24.0025 3732 RDPENCDD - ok
    20:56:24.0071 3732 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    20:56:24.0071 3732 RDPREFMP - ok
    20:56:24.0274 3732 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    20:56:24.0274 3732 RdpVideoMiniport - ok
    20:56:24.0415 3732 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:56:24.0415 3732 RDPWD - ok
    20:56:24.0493 3732 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    20:56:24.0493 3732 rdyboost - ok
    20:56:24.0555 3732 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:56:24.0586 3732 RemoteAccess - ok
    20:56:24.0695 3732 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:56:24.0695 3732 RemoteRegistry - ok
    20:56:24.0773 3732 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    20:56:24.0805 3732 ROOTMODEM - ok
    20:56:25.0179 3732 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    20:56:25.0195 3732 RoxioNow Service - ok
    20:56:25.0257 3732 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    20:56:25.0257 3732 RpcEptMapper - ok
    20:56:25.0319 3732 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    20:56:25.0319 3732 RpcLocator - ok
    20:56:25.0475 3732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    20:56:25.0475 3732 RpcSs - ok
    20:56:25.0694 3732 [ CA327A84085F68200452E6761F943298 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
    20:56:25.0694 3732 RSPCIESTOR - ok
    20:56:25.0819 3732 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:56:25.0834 3732 rspndr - ok
    20:56:26.0068 3732 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    20:56:26.0084 3732 RTL8167 - ok
    20:56:26.0115 3732 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    20:56:26.0115 3732 SamSs - ok
    20:56:26.0209 3732 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    20:56:26.0224 3732 sbp2port - ok
    20:56:26.0365 3732 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:56:26.0380 3732 SCardSvr - ok
    20:56:26.0536 3732 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    20:56:26.0567 3732 scfilter - ok
    20:56:26.0864 3732 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    20:56:26.0879 3732 Schedule - ok
    20:56:26.0957 3732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:56:26.0957 3732 SCPolicySvc - ok
    20:56:27.0285 3732 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    20:56:27.0316 3732 sdbus - ok
    20:56:27.0441 3732 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:56:27.0519 3732 SDRSVC - ok
    20:56:28.0096 3732 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    20:56:28.0190 3732 SDScannerService - ok
    20:56:28.0720 3732 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    20:56:29.0141 3732 SDUpdateService - ok
    20:56:30.0077 3732 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    20:56:30.0093 3732 SDWSCService - ok
    20:56:30.0202 3732 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:56:30.0218 3732 secdrv - ok
    20:56:30.0296 3732 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    20:56:30.0311 3732 seclogon - ok
    20:56:30.0374 3732 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    20:56:30.0389 3732 SENS - ok
    20:56:30.0904 3732 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    20:56:30.0920 3732 SensrSvc - ok
    20:56:31.0091 3732 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    20:56:31.0138 3732 Serenum - ok
    20:56:31.0762 3732 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    20:56:31.0778 3732 Serial - ok
    20:56:31.0856 3732 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    20:56:31.0871 3732 sermouse - ok
    20:56:31.0949 3732 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    20:56:31.0981 3732 SessionEnv - ok
    20:56:32.0043 3732 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    20:56:32.0074 3732 sffdisk - ok
    20:56:32.0152 3732 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    20:56:32.0183 3732 sffp_mmc - ok
    20:56:32.0293 3732 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    20:56:32.0293 3732 sffp_sd - ok
    20:56:32.0386 3732 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    20:56:32.0402 3732 sfloppy - ok
    20:56:33.0073 3732 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    20:56:33.0229 3732 Sftfs - ok
    20:56:33.0431 3732 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    20:56:33.0463 3732 sftlist - ok
    20:56:33.0634 3732 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    20:56:33.0650 3732 Sftplay - ok
    20:56:34.0258 3732 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    20:56:34.0274 3732 Sftredir - ok
    20:56:34.0305 3732 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    20:56:34.0321 3732 Sftvol - ok
    20:56:34.0414 3732 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    20:56:34.0414 3732 sftvsa - ok
    20:56:34.0664 3732 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    20:56:34.0679 3732 SharedAccess - ok
    20:56:34.0851 3732 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:56:34.0882 3732 ShellHWDetection - ok
    20:56:35.0132 3732 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:56:35.0132 3732 SiSRaid2 - ok
    20:56:35.0288 3732 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    20:56:35.0350 3732 SiSRaid4 - ok
    20:56:35.0569 3732 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:56:35.0569 3732 Smb - ok
    20:56:35.0787 3732 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:56:35.0787 3732 SNMPTRAP - ok
    20:56:36.0489 3732 [ 3325D6E50E52CC05C5F8228288DF2A4C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
    20:56:36.0661 3732 SNP2UVC - ok
    20:56:36.0754 3732 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    20:56:36.0770 3732 spldr - ok
    20:56:36.0926 3732 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    20:56:36.0941 3732 Spooler - ok
    20:56:37.0675 3732 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    20:56:37.0753 3732 sppsvc - ok
    20:56:37.0862 3732 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    20:56:37.0893 3732 sppuinotify - ok
    20:56:38.0845 3732 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\system32\drivers\NISx64\1403000.024\SRTSP64.SYS
    20:56:38.0860 3732 SRTSP - ok
    20:56:39.0344 3732 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403000.024\SRTSPX64.SYS
    20:56:39.0375 3732 SRTSPX - ok
    20:56:39.0874 3732 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:56:40.0077 3732 srv - ok
    20:56:40.0436 3732 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:56:40.0654 3732 srv2 - ok
    20:56:40.0732 3732 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    20:56:40.0904 3732 SrvHsfHDA - ok
    20:56:41.0387 3732 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    20:56:41.0606 3732 SrvHsfV92 - ok
    20:56:41.0933 3732 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    20:56:41.0949 3732 SrvHsfWinac - ok
    20:56:42.0058 3732 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:56:42.0074 3732 srvnet - ok
    20:56:42.0261 3732 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:56:42.0308 3732 SSDPSRV - ok
    20:56:42.0495 3732 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:56:42.0511 3732 SstpSvc - ok
    20:56:44.0242 3732 [ 7C49A5E1943AFDA4672D80726AF3BAE4 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    20:56:44.0414 3732 STacSV - ok
    20:56:44.0585 3732 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    20:56:44.0617 3732 stexstor - ok
    20:56:44.0975 3732 [ 0AAD250A31A7EE96E0945AB9E1F3BAA7 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    20:56:45.0007 3732 STHDA - ok
    20:56:45.0287 3732 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    20:56:45.0303 3732 stisvc - ok
    20:56:45.0397 3732 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    20:56:45.0428 3732 swenum - ok
    20:56:45.0584 3732 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    20:56:45.0615 3732 swprv - ok
    20:56:46.0099 3732 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS
    20:56:46.0145 3732 SymDS - ok
    20:56:47.0035 3732 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS
    20:56:47.0081 3732 SymEFA - ok
    20:56:47.0627 3732 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    20:56:47.0643 3732 SymEvent - ok
    20:56:47.0908 3732 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS
    20:56:47.0924 3732 SymIRON - ok
    20:56:48.0314 3732 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\system32\drivers\NISx64\1403000.024\SYMNETS.SYS
    20:56:48.0329 3732 SymNetS - ok
    20:56:48.0579 3732 [ C21550B1D42A39B3A6D128729A9EBDD6 ] SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} C:\Windows\System32\Drivers\NSMx64\0203000.011\SymRdrS.SYS
    20:56:48.0626 3732 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} - ok
    20:56:49.0359 3732 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    20:56:49.0390 3732 SynTP - ok
    20:56:49.0905 3732 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    20:56:50.0030 3732 SysMain - ok
    20:56:50.0108 3732 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:56:50.0139 3732 TabletInputService - ok
    20:56:50.0311 3732 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:56:50.0311 3732 TapiSrv - ok
    20:56:50.0825 3732 [ 9C9C8BBCB6E6E1CBDAA10A5EAEA9FEAC ] tapklink C:\Windows\system32\DRIVERS\tapklink.sys
    20:56:50.0825 3732 tapklink - ok
    20:56:50.0966 3732 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    20:56:50.0981 3732 TBS - ok
    20:56:51.0699 3732 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    20:56:51.0839 3732 Tcpip - ok
    20:56:52.0588 3732 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    20:56:52.0651 3732 TCPIP6 - ok
    20:56:52.0807 3732 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    20:56:52.0822 3732 tcpipreg - ok
    20:56:53.0556 3732 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    20:56:53.0946 3732 TDPIPE - ok
    20:56:54.0070 3732 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    20:56:54.0304 3732 TDTCP - ok
    20:56:54.0367 3732 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    20:56:54.0398 3732 tdx - ok
    20:56:54.0507 3732 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    20:56:54.0523 3732 TermDD - ok
    20:56:54.0710 3732 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    20:56:54.0788 3732 TermService - ok
    20:56:54.0897 3732 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    20:56:54.0913 3732 Themes - ok
    20:56:55.0006 3732 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    20:56:55.0006 3732 THREADORDER - ok
    20:56:55.0069 3732 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    20:56:55.0084 3732 TrkWks - ok
    20:56:55.0287 3732 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:56:55.0287 3732 TrustedInstaller - ok
    20:56:55.0412 3732 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:56:55.0443 3732 tssecsrv - ok
    20:56:55.0771 3732 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    20:56:55.0786 3732 TsUsbFlt - ok
    20:56:56.0223 3732 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:56:56.0254 3732 tunnel - ok
    20:56:56.0426 3732 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    20:56:56.0426 3732 uagp35 - ok
    20:56:56.0738 3732 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:56:57.0019 3732 udfs - ok
    20:56:57.0549 3732 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:56:57.0721 3732 UI0Detect - ok
    20:56:58.0033 3732 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    20:56:58.0314 3732 uliagpkx - ok
    20:56:58.0470 3732 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    20:56:58.0485 3732 umbus - ok
    20:56:58.0797 3732 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    20:56:58.0797 3732 UmPass - ok
    20:56:58.0984 3732 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    20:56:58.0984 3732 upnphost - ok
    20:56:59.0094 3732 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    20:56:59.0109 3732 USBAAPL64 - ok
    20:56:59.0328 3732 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:56:59.0359 3732 usbccgp - ok
    20:56:59.0437 3732 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    20:56:59.0452 3732 usbcir - ok
    20:56:59.0499 3732 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    20:56:59.0515 3732 usbehci - ok
    20:56:59.0624 3732 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    20:56:59.0655 3732 usbfilter - ok
    20:56:59.0842 3732 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    20:56:59.0858 3732 usbhub - ok
    20:56:59.0889 3732 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    20:56:59.0920 3732 usbohci - ok
    20:57:12.0634 3732 ================ Scan global ===============================
    20:57:12.0728 3732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:57:12.0822 3732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    20:57:12.0884 3732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    20:57:12.0978 3732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:57:13.0134 3732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:57:13.0149 3732 [Global] - ok
    20:57:13.0165 3732 ================ Scan MBR ==================================
    20:57:13.0258 3732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:57:13.0258 3732 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    20:57:13.0648 3732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    20:57:13.0648 3732 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    20:57:13.0648 3732 ================ Scan VBR ==================================
    20:57:13.0742 3732 [ D7572535D4725395E3EF8EEF0F0964DD ] \Device\Harddisk0\DR0\Partition1
    20:57:13.0867 3732 \Device\Harddisk0\DR0\Partition1 - ok
    20:57:13.0914 3732 [ 08B31C7E7CF98CDE03C14911633E764D ] \Device\Harddisk0\DR0\Partition2
    20:57:14.0038 3732 \Device\Harddisk0\DR0\Partition2 - ok
    20:57:14.0070 3732 [ B984C6CCB404CF333A1F8A8ABF596C36 ] \Device\Harddisk0\DR0\Partition3
    20:57:14.0101 3732 \Device\Harddisk0\DR0\Partition3 - ok
    20:57:14.0116 3732 ============================================================
    20:57:14.0116 3732 Scan finished
    20:57:14.0116 3732 ============================================================
    20:57:14.0148 2560 Detected object count: 1
    20:57:14.0148 2560 Actual detected object count: 1
    20:59:29.0977 2560 \Device\Harddisk0\DR0\# - copied to quarantine
    20:59:29.0977 2560 \Device\Harddisk0\DR0 - copied to quarantine
    20:59:31.0428 2560 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    20:59:31.0537 2560 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    20:59:31.0615 2560 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    20:59:31.0646 2560 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    20:59:31.0662 2560 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    20:59:31.0740 2560 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    20:59:31.0740 2560 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    20:59:31.0833 2560 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    20:59:31.0880 2560 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    20:59:31.0880 2560 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    20:59:31.0896 2560 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    20:59:31.0896 2560 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    20:59:31.0927 2560 \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
    20:59:31.0927 2560 \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
    20:59:31.0989 2560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    20:59:32.0192 2560 \Device\Harddisk0\DR0 - ok
    20:59:35.0203 2560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    21:00:14.0051 7140 Deinitialize success

    I think I did it.

  4. #14
    Member
    Join Date
    Mar 2013
    Posts
    47


    OTL by OldTimer
    Download OTL to your desktop.
    Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    When the window appears, underneath Output at the top change it to Minimal Output.
    Click the "Scan All Users" checkbox.
    Check the boxes beside LOP Check and Purity Check.
    Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



    OTL logfile created on: 4/14/2013 9:28:25 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEXIS\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 49.29% Memory free
    5.49 Gb Paging File | 3.93 Gb Available in Paging File | 71.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.83 Gb Total Space | 225.69 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
    Drive D: | 13.97 Gb Total Space | 1.74 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

    Computer Name: ALEXIS-HP | User Name: ALEXIS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\ALEXIS\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
    SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
    SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
    SRV - (EraserSvc11220) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys (Symantec Corporation)
    DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD03000.01A\ccSetx64.sys (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys (Symantec Corporation)
    DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys (Symantec Corporation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\SysNative\drivers\NSMx64\0203000.011\symrdrs.sys (Symantec Corporation)
    DRV:64bit: - (ccSet_NOF) -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys (Symantec Corporation)
    DRV:64bit: - (tapklink) -- C:\Windows\SysNative\drivers\tapklink.sys (Faveset LLC)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
    DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
    DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
    DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130412.001\IDSviA64.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130414.006\ex64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130414.006\eng64.sys (Symantec Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome&d=y
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome&d=y
    IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S00829^us&si=COP6wqWjxq8CFQhN4AodIBwAaw&ptb=37F905BE-4526-443B-AFCB-2222DF604173&psa=&ind=2012042112&st=sb&n=77ed5380&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
    IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
    IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.38\coFFFw\ [2013/03/18 21:45:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/03/20 22:21:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/14 21:06:43 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2013/03/19 15:10:28 | 000,446,020 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
    O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
    O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AFC9A8-A278-4C8D-940D-E3F6BD176E8D}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck msln)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/14 21:10:06 | 000,067,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\msln.exe
    [2013/04/14 20:59:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/04/14 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Desktop\tdsskiller
    [2013/04/13 22:21:36 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
    [2013/04/13 22:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/04/12 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/04/12 21:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/04/12 21:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/04/12 21:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/04/11 23:02:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/04/11 22:21:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/04/11 22:21:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/04/11 22:21:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/04/11 22:21:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/04/11 22:21:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/04/11 22:21:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/04/11 22:21:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/04/11 22:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/04/11 22:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/04/11 22:21:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/04/11 22:21:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/04/11 22:21:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/04/11 22:21:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/04/11 22:21:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/04/11 22:21:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/04/11 22:17:53 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
    [2013/04/10 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/04/10 20:21:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/04/10 20:19:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/04/02 02:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/04/02 02:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/04/02 02:19:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
    [2013/04/01 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/04/01 21:47:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/04/01 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
    [2013/03/21 00:18:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
    [2013/03/20 22:19:15 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys
    [2013/03/20 22:19:15 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
    [2013/03/20 22:19:15 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys
    [2013/03/20 22:19:15 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys
    [2013/03/20 22:19:15 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys
    [2013/03/20 22:19:15 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys
    [2013/03/20 22:19:15 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
    [2013/03/20 22:19:15 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys
    [2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
    [2013/03/20 22:19:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1403000.024
    [2013/03/20 22:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
    [2013/03/20 22:19:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2013/03/20 14:25:57 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Avg2013
    [2013/03/20 04:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/20 04:06:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2013/03/19 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
    [2013/03/19 22:35:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\MFAData
    [2013/03/19 22:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/03/19 22:16:52 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\Google
    [2013/03/19 22:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/03/19 22:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft Toolbar
    [2013/03/19 15:20:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2013/03/19 15:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2013/03/19 15:13:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2013/03/19 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2013/03/19 12:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2013/03/19 12:17:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/03/19 11:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2013/03/19 10:55:21 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
    [2013/03/19 00:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/03/18 23:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2013/03/18 15:50:29 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Local\CyberLink
    [2013/03/18 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\Documents\Blio
    [2013/03/18 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Blio
    [2013/03/18 13:46:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
    [2013/03/18 13:13:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
    [2013/03/18 13:13:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
    [2013/03/18 13:13:35 | 000,000,000 | ---D | C] -- C:\inetpub
    [2013/03/18 12:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/03/17 23:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/03/17 23:11:36 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\Malwarebytes
    [2013/03/17 23:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/03/17 23:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/16 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\ALEXIS\AppData\Roaming\CyberLink
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/14 21:16:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/14 21:11:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/14 21:11:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/14 21:10:06 | 000,067,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\msln.exe
    [2013/04/14 21:04:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/14 21:03:27 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
    [2013/04/14 21:03:21 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/14 20:55:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/04/14 20:50:43 | 002,218,636 | ---- | M] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
    [2013/04/13 22:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002UA.job
    [2013/04/13 22:41:43 | 000,001,099 | ---- | M] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
    [2013/04/12 22:37:33 | 000,000,760 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
    [2013/04/12 21:30:22 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\ALEXIS\Desktop\ComboFix.exe
    [2013/04/12 21:24:34 | 592,407,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/04/12 21:15:11 | 000,343,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/04/12 21:14:26 | 001,820,129 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
    [2013/04/11 23:29:40 | 000,040,581 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
    [2013/04/11 22:53:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2013/04/10 20:21:50 | 000,001,133 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/04/10 20:21:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/10 20:17:31 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ALEXIS\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/04/02 04:26:45 | 002,589,541 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
    [2013/04/02 02:41:18 | 000,003,537 | ---- | M] () -- C:\Users\ALEXIS\Desktop\attach.zip
    [2013/04/02 02:20:43 | 000,001,104 | ---- | M] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/02 02:20:31 | 000,000,924 | ---- | M] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
    [2013/04/02 02:20:31 | 000,000,905 | ---- | M] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
    [2013/04/02 02:19:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALEXIS\Desktop\erunt-setup.exe
    [2013/04/02 01:13:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS.job
    [2013/04/01 21:47:49 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/03/25 21:18:19 | 000,001,290 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton Installation Files.lnk
    [2013/03/21 09:35:08 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/21 09:35:08 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/21 09:35:08 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/20 22:20:01 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/03/20 22:20:01 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/03/20 22:20:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2013/03/20 22:19:47 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2013/03/20 15:11:49 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2013/03/20 13:55:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4121414387-752882849-3289732955-1002Core.job
    [2013/03/20 12:28:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForALEXIS-HP$.job
    [2013/03/19 15:10:28 | 000,446,020 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/03/19 12:54:05 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/03/19 12:17:44 | 000,001,069 | ---- | M] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2013/03/19 12:17:22 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2013/03/19 10:55:21 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
    [2013/03/19 01:08:16 | 002,033,827 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
    [2013/03/18 22:55:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/03/18 22:55:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/03/18 22:38:39 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
    [2013/03/18 22:35:02 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
    [2013/03/18 22:32:14 | 000,866,592 | ---- | M] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
    [2013/03/16 14:48:30 | 667,746,304 | ---- | M] () -- C:\NBRT.iso
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/14 20:48:13 | 002,218,636 | ---- | C] () -- C:\Users\ALEXIS\Desktop\tdsskiller.zip
    [2013/04/13 22:41:43 | 000,001,099 | ---- | C] () -- C:\Users\ALEXIS\Desktop\OTL - Shortcut.lnk
    [2013/04/12 22:37:33 | 000,000,760 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ComboFix - Shortcut.lnk
    [2013/04/12 21:34:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/04/12 21:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/04/12 21:34:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/04/12 21:34:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/04/12 21:34:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/04/11 23:29:40 | 000,040,581 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Capture.PNG
    [2013/04/10 20:21:50 | 000,001,133 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/04/10 20:21:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/02 04:25:04 | 002,589,541 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Blue screen.jpg
    [2013/04/02 02:41:18 | 000,003,537 | ---- | C] () -- C:\Users\ALEXIS\Desktop\attach.zip
    [2013/04/02 02:20:43 | 000,001,104 | ---- | C] () -- C:\Users\ALEXIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/02 02:20:31 | 000,000,924 | ---- | C] () -- C:\Users\ALEXIS\Desktop\NTREGOPT.lnk
    [2013/04/02 02:20:31 | 000,000,905 | ---- | C] () -- C:\Users\ALEXIS\Desktop\ERUNT.lnk
    [2013/04/01 21:47:49 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/04/01 21:47:49 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/03/20 22:50:34 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
    [2013/03/20 22:20:23 | 001,820,129 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
    [2013/03/20 22:19:47 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2013/03/20 22:19:04 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf
    [2013/03/20 22:19:04 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf
    [2013/03/20 22:19:04 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf
    [2013/03/20 22:19:04 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
    [2013/03/20 22:19:04 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
    [2013/03/20 22:19:04 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf
    [2013/03/20 22:19:04 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf
    [2013/03/20 22:19:04 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Iron.inf
    [2013/03/20 22:19:03 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat
    [2013/03/20 22:19:03 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat
    [2013/03/20 22:19:03 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
    [2013/03/20 22:19:03 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat
    [2013/03/20 22:19:03 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\iron.cat
    [2013/03/20 22:19:03 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
    [2013/03/20 22:19:03 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat
    [2013/03/20 22:19:03 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
    [2013/03/20 22:19:03 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat
    [2013/03/20 22:19:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
    [2013/03/20 19:34:00 | 592,407,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/03/20 05:42:34 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2013/03/19 22:17:21 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/19 22:17:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/19 12:54:05 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/03/19 12:21:53 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2013/03/19 12:17:44 | 000,001,069 | ---- | C] () -- C:\Users\ALEXIS\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2013/03/19 01:07:50 | 002,033,827 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Windows6.1-KB2506014-x64.msu
    [2013/03/18 22:38:33 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool 3.exe
    [2013/03/18 22:34:58 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool comcast.exe
    [2013/03/18 22:32:14 | 000,866,592 | ---- | C] () -- C:\Users\ALEXIS\Desktop\Norton_Removal_Tool.exe
    [2013/03/16 14:47:38 | 667,746,304 | ---- | C] () -- C:\NBRT.iso
    [2012/10/29 00:03:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2012/10/11 15:35:33 | 000,743,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/01 07:31:34 | 000,026,024 | ---- | C] () -- C:\Windows\snuvcdsm.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/18 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Blio
    [2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ID Vault
    [2011/12/11 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Leadertech
    [2011/11/08 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\ooVoo Details
    [2011/10/31 15:10:49 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\PictureMover
    [2011/10/31 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Synaptics
    [2013/03/09 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\Tific
    [2012/10/11 15:38:04 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TP
    [2013/03/19 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\ALEXIS\AppData\Roaming\TuneUp Software
    [2012/11/26 20:07:05 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Audacity
    [2011/10/31 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Blio
    [2013/03/01 01:01:54 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ID Vault
    [2011/11/09 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\ooVoo Details
    [2011/10/31 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\PictureMover
    [2012/10/18 03:50:48 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\SoftGrid Client
    [2011/10/31 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Synaptics
    [2012/09/29 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\Unified Remote
    [2011/11/20 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Alexis_2\AppData\Roaming\WildTangent
    [2011/10/31 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ID Vault
    [2011/10/31 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics

    ========== Purity Check ==========



    < End of report >

  5. #15
    Member
    Join Date
    Mar 2013
    Posts
    47

    Default

    Looks like I need to scrap Norton!!!!!!!!!!!!!!

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Looking so much better, the svchost thing is gone, you were infected by the TDSS rootkit.

    I am looking at the ASK Toolbar installed, if you want to remove it it can be uninstalled via Programs and Features in the Control Panel, not malicious but has some adware functionality along with altering your browser's search setting, you also have mywebsearch which is bad and needs to be removed.

    Uninstall ASK, then run a new scan with OTL and we can remove leftovers along with mywebsearch. Also see if you can run aswMBR again and post that log.

    As far as Norton, your call to remove it but it has to be done properly, I removed it on 3 of my systems not because of it detecting poorly but it was a system degrade issue. I switched to Microsoft Security Essentials which is free and more than adequate. Let me know if you decide to do this and I will link you to the Norton Removal tool along with the link for Microsoft's program.

  7. #17
    Member
    Join Date
    Mar 2013
    Posts
    47

    Default

    Hello Ken545,
    I do not see that toolbar.
    Yes, I am willing to remove Norton. Can you explain to me how to correctly maintain the PC? Is Spybot something I should incorporate into a routine along with Windows security? Is there anything else you could recommend? If you have time, could you comment on backing up the PC?
    I am happy, grateful and appreciate all you have done.
    THANK YOU
    MIKE P.

  8. #18
    Member
    Join Date
    Mar 2013
    Posts
    47

    Default

    Hello again,
    See the snap shot of the uninstall page.

  9. #19
    Member
    Join Date
    Mar 2013
    Posts
    47

    Default

    Hi, I was poking around and just realized Norton search engine is powered by Ask. On the results web page it says powered by Ask. ???? I am all yours. Your wish is my command.

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning Mike,

    One reason for getting all these toolbars, most times, is not reading what you're installing; you need to read carefully through the install procedure before clicking on Next. The way these viruses are written, no matter what antivirus program you use, sometimes one can slip by. The weakest link in the chain is you: you just need to be real careful what you download and what links you click on, and don't ever open any spam email, most of them are a hotbed of infection.

    It looks like you have also already downloaded the Norton Removal Tool. I'm not sure which one you have, so you can remove it from your desktop, and here is a link for the one I used over the weekend; it worked quite well. Also, some people think having more than one AV will make them more secure when actually it doesn't. You need one AV; keep it updated and run frequent scans.

    https://support.norton.com/sp/en/us/...rProfile_en_us



    Hold off on removing Norton and let's get rid of some of the junk on your system first.

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
      IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S00829^us&si=COP6wqWjxq8CFQhN4AodIBwAaw&ptb=37F905BE-4526-443B-AFCB-2222DF604173&psa=&ind=2012042112&st=sb&n=77ed5380&searchfor={searchTerms}
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome&d=y
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome&d=y
      IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
      IE - HKU\S-1-5-21-4121414387-752882849-3289732955-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch&d=y
      O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
      O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      C:\Program Files (x86)\Glarysoft Toolbar
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
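Added example, not part of the original post and not OTL's own code: a small Python parser for the fix script quoted above that lists the hosts, GUIDs, folders and system-wide commands a reader can check before pressing Run Fix. It assumes only what is visible in the script (section headers start with `:` and commands are bracketed); the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the fix script from the post above (lines copied from the page).
FIX_SCRIPT = r"""
:processes
killallprocesses
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome&d=y
O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\toolbar\tbcore3.dll File not found
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Glarysoft Toolbar
:Commands
[resethosts]
[CLEARALLRESTOREPOINTS]
[Reboot]
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")

def parse_fix_script(text):
    """Group non-empty lines under their ':section' header (lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def summarize(sections):
    """Return what a reviewer checks: hosts, GUIDs, paths and global commands."""
    otl = sections.get("otl", [])
    hosts = sorted({urlsplit(u).hostname for l in otl for u in URL.findall(l)})
    guids = sorted({g.lower() for l in otl for g in GUID.findall(l)})
    paths = [l for l in sections.get("files", []) if re.match(r"[A-Za-z]:\\", l)]
    commands = [l.strip("[]").lower() for l in sections.get("commands", [])]
    return {"hosts": hosts, "guids": guids, "paths": paths, "commands": commands}
```

Comparing the `hosts` and `guids` lists against the scan log the script was written from shows whether every targeted entry really came from that machine, which matters because a fix script is written for one system only.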
