Redirect click.get-answers-fast.com


  • This topic is locked
93 replies to this topic

#1 MIP31415


Posted 22 May 2012 - 03:52 PM

I have a Windows 7 desktop (Norton 360 Premier; IE8) that started having redirect problems a few weeks ago. The first was Hapilli-redirect. TDSSkiller found that (I think--- it returned with a question on Adobe's FlexNet License. I repaired that with an Adobe tool, and the Hapilli redirect stopped.) However, this click.get-answers-fast.com redirect started soon thereafter. TDSSkiller has not located this one. Bitdefender and Malwarebytes also didn't find it. Note that I use IE (and yes, I actually do like it.) Microsoft did auto-update it to IE9, but I removed that update and downgraded to IE8.

The redirect does not happen all the time.
Sometimes it redirects to click.get-answers-fast.com;
sometimes it redirects to click.get-answers-fast.com and then immediately to another site;
sometimes it redirects to click.get-answers-fast.com and then takes me to the site I requested. (This worries me the most: could this lead to keystroke recording, etc.?)
sometimes it redirects me to another site entirely and I don't see it 'pass through' click.get-answers-fast.com.

Usually the site it takes me to is 8.26.70.272 or 8.26.70.252. I have tried to enter these addresses into my Norton firewall to block them (as I have done with advertisers such as doubleclick), but Norton returns that these addresses are not valid.

Any and all help is appreciated. The DDS file is below. The attach file stated not to post unless directed.

Matthew
-----------------------------------------------------------------------------------------------------------------


DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Matthew at 13:24:48 on 2012-05-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.1825 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\aol\1279066513\ee\aolsoftware.exe
C:\Windows\system32\conhost.exe
C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
M:\MIP\Matthews Documents\Add-ons for 8100\Process Explorer v12\procexp64.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Citrix] rundll32.exe "C:\Users\Matthew\AppData\Local\CrashDumps\Citrix\huehul.dll",DllRegisterServer
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1279066513\ee\AOLSoftware.exe
mRun: [<NO NAME>]
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PROCEX~1.LNK - M:\MIP\Matthews Documents\Add-ons for 8100\Process Explorer v12\procexp64.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP24-10113/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.25.200.200 75.75.76.76 75.75.75.75
TCP: Interfaces\{A9E63362-0958-4005-9457-B5F218F25901} : DhcpNameServer = 172.25.200.200 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1279066513\ee\AOLSoftware.exe
mRun-x64: [(Default)]
mRun-x64: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-8 1160824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120518.002\IDSviA64.sys [2012-5-22 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-1 13336]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-27 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-18 12:45:23 287304 ----a-w- C:\Windows\System32\drivers\TrufosAlt.sys
2012-05-18 09:08:27 737912 ----a-w- C:\Windows\System32\drivers\N360x64\0602010.005\srtsp64.sys
2012-05-18 09:08:27 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symds64.sys
2012-05-18 09:08:27 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symnets.sys
2012-05-18 09:08:27 37496 ----a-w- C:\Windows\System32\drivers\N360x64\0602010.005\srtspx64.sys
2012-05-18 09:08:27 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\ironx64.sys
2012-05-18 09:08:27 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\ccsetx64.sys
2012-05-18 09:08:27 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symefa64.sys
2012-05-18 09:08:19 -------- d-----w- C:\Windows\System32\drivers\N360x64\0602010.005
2012-05-18 02:37:48 -------- d-----w- C:\Users\Matthew\AppData\Roaming\DiskAid
2012-05-18 02:37:41 -------- d-----w- C:\Program Files (x86)\DigiDNA
2012-05-17 16:22:22 -------- d-----w- C:\Users\Matthew\AdobeLicensingFilesBackup
2012-05-15 20:04:04 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Malwarebytes
2012-05-15 20:03:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-15 20:03:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-15 20:03:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-12 23:16:02 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 23:16:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 23:16:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 23:16:01 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 23:16:00 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 23:16:00 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 23:15:39 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 23:15:31 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 23:15:30 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 23:15:30 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 23:15:30 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 23:15:30 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 23:15:30 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-01 12:36:04 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0405000.022
2012-05-01 12:36:04 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2012-05-01 12:36:02 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-04-30 21:46:12 -------- d-----w- C:\Users\Matthew\AppData\Local\NPE
.
==================== Find3M ====================
.
2012-05-21 18:15:50 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 18:15:49 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-21 18:15:49 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-15 15:33:52 60304 ----a-w- C:\Users\Matthew\g2mdlhlpx.exe
2012-04-30 21:29:19 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-18 18:47:57 103272 ----a-w- C:\Users\Matthew\GoToAssistDownloadHelper.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 19:33:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:25:23.55 ===============
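An added triage example (not part of the original post, and not DDS's own logic): the Python script below parses the autorun lines of the Pseudo HJT Report above (uRun/mRun/StartupFolder/BHO/TB entries) and ranks the ones an analyst would look at first. The sample lines are copied from the log above; the scoring rules, the Finding class and the names analyse_entry()/triage() are my own assumptions. On this log it puts the uRun [Citrix] entry at the top: a DLL loaded at every logon through rundll32 ...,DllRegisterServer from a CrashDumps folder, which is the file (huehul.dll) that ComboFix later lists under Other Deletions. The Dropbox startup shortcut is flagged as medium only because it lives under AppData; the script raises items for review, it does not give a verdict.

```python
"""Triage the autorun entries in the "Pseudo HJT Report" section of a DDS log.

Added example: not part of the original post and not DDS's own logic.
The sample lines are copied from the log in the post; the scoring rules,
the names analyse_entry()/triage() and the Finding class are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the DDS log above.
SAMPLE_LOG = r"""
uStart Page = about:blank
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Citrix] rundll32.exe "C:\Users\Matthew\AppData\Local\CrashDumps\Citrix\huehul.dll",DllRegisterServer
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
"""

# Line prefixes DDS uses for things that run or load automatically.
AUTORUN_KINDS = {"uRun", "uRunOnce", "mRun", "mRunOnce", "mRun-x64",
                 "StartupFolder", "BHO", "BHO-X64", "TB", "TB-X64"}
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s*(?P<rest>.*)$")
# A Windows path ending in something loadable, optionally quoted.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\n,]+?\.(?:exe|dll|lnk|scr|cpl))"?',
                     re.IGNORECASE)
# Locations an ordinary user can write to: often legitimate, but worth a look.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\programdata\\|\\windows\\temp\\", re.IGNORECASE)
# Directories that have no business hosting a logon autorun at all.
ODD_DIR_RE = re.compile(r"\\crashdumps\\|\\temp\\|\\\$recycle", re.IGNORECASE)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    kind: str       # DDS prefix, e.g. "uRun"
    severity: str   # "high" | "medium" | "low"
    raw: str        # the original log line
    reasons: list   # human-readable reasons it was flagged


def analyse_entry(line: str):
    """Return a Finding for one Pseudo HJT line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group("kind") not in AUTORUN_KINDS:
        return None
    kind, rest = m.group("kind"), m.group("rest").strip()
    reasons, severity = [], "low"

    def note(level, text):
        nonlocal severity
        reasons.append(text)
        if SEVERITY_RANK[level] < SEVERITY_RANK[severity]:
            severity = level

    if rest.endswith("No File"):
        note("low", "registered component has no file on disk (orphaned or already removed)")
    if re.fullmatch(r"\[(?:<NO NAME>|\(Default\))\]", rest):
        note("low", "Run value with no name and no command")
    if re.search(r"\brundll32(?:\.exe)?\b", rest, re.IGNORECASE) and \
            "dllregisterserver" in rest.lower():
        note("high", "DLL loaded at logon via rundll32 ...,DllRegisterServer")
    for path in PATH_RE.findall(rest):
        if ODD_DIR_RE.search(path):
            note("high", f"autorun lives in an unusual directory: {path}")
        elif USER_WRITABLE_RE.search(path):
            note("medium", f"autorun runs from a user-writable location: {path}")
    return Finding(kind, severity, line.strip(), reasons) if reasons else None


def triage(log_text: str):
    """Flagged entries, most severe first; log order is kept within a level."""
    findings = [f for f in map(analyse_entry, log_text.splitlines()) if f]
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.kind}: {f.raw}")
        for reason in f.reasons:
            print(f"         - {reason}")
```

Run it with python3 and it prints the four flagged lines in severity order. To triage a different machine, paste the whole DDS log into SAMPLE_LOG or read the file into triage(); lines outside the Pseudo HJT section are ignored because their prefixes are not in AUTORUN_KINDS.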



#2 gringo_pr

  • Malware Response Team

Posted 22 May 2012 - 03:57 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 MIP31415

  • Topic Starter

Posted 22 May 2012 - 05:31 PM

Thanks Gringo. Security Check has been run on my desktop. ComboFix is running now. (I am logging in from my Windows XP laptop).

It's completed stage_4 and has been running stage 5 for a while now. Quick question for you: does Combofix require Internet access? As requested, I turned off the firewall, antivirus, antispyware, etc. I set each to be off permanently, and will turn them on when told. However, with my computer lying open like this, I disconnected my ethernet cable. (Maybe a mistake, but I just simply didn't think I needed to be connected once I downloaded the software and turned everything off.) Did I mess anything up? Should I reattach it?

#4 gringo_pr

  • Malware Response Team

Posted 22 May 2012 - 05:51 PM

Sometimes it does, so it is best to be connected.


gringo

#5 MIP31415

  • Topic Starter

Posted 22 May 2012 - 06:08 PM

Ethernet cable plugged back in. (Hasn't gotten through Stage 5 yet. I'll check back in an hour or two...)
Thanks

#6 gringo_pr

  • Malware Response Team

Posted 22 May 2012 - 06:53 PM

Hello

Ok, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 MIP31415

  • Topic Starter

Posted 22 May 2012 - 07:28 PM

Gringo,
The runs have completed. (I returned to my computer to find it asking for my login, so I assume it restarted.)

However, when I tried to open Internet Explorer, or any other program, I get a popup that says "C:\Program Files (x86)\[PROGRAM FOLDER]\[PROGRAM.EXE] Illegal operation attempted on a registry key that has been marked for deletion." Hitting OK returns a message "Can't open this item. It might have been moved, renamed or deleted. Do you want to remove this item?"

HELP!!! This happens for every program!! The only thing I can run is Windows Explorer. The vast majority of items in my system tray are also missing.

The Checkup and ComboFix logs are below. (I still have my laptop, but NEED my desktop. I have NOT restarted it as I am waiting to hear from you. PLEASE ADVISE!!! I have gone from being annoyed with the virus to FREAKING OUT because of the results of ComboFix. Please Help!!!)

---------------
Checkup:
Results of screen317's Security Check version 0.99.34
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


---------------
ComboFix
ComboFix 12-05-22.02 - Matthew 05/22/12 17:54:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.2331 [GMT -4:00]
Running from: m:\mip\Matthews Documents\Add-ons for 8100\Redirect Problems\bleeping computer\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthew\AppData\Local\CrashDumps\Citrix\huehul.dll
c:\users\Matthew\g2mdlhlpx.exe
c:\users\Matthew\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-18 12:45 . 2012-05-18 12:45 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-18 09:08 . 2012-05-18 12:17 -------- d-----w- c:\windows\system32\drivers\N360x64\0602010.005
2012-05-18 02:37 . 2012-05-18 02:37 -------- d-----w- c:\users\Matthew\AppData\Roaming\DiskAid
2012-05-18 02:37 . 2012-05-18 02:37 -------- d-----w- c:\program files (x86)\DigiDNA
2012-05-17 16:22 . 2012-05-18 12:47 -------- d-----w- c:\users\Matthew\AdobeLicensingFilesBackup
2012-05-15 20:04 . 2012-05-15 20:04 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes
2012-05-15 20:03 . 2012-05-15 20:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-15 20:03 . 2012-05-15 20:03 -------- d-----w- c:\programdata\Malwarebytes
2012-05-15 20:03 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 23:16 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 23:16 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 23:16 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 23:16 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 23:16 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 23:16 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 23:15 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 23:15 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 23:15 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 23:15 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 23:15 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 23:15 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 23:15 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-01 12:36 . 2012-05-01 12:36 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-05-01 12:36 . 2012-05-01 12:36 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-04-30 21:46 . 2012-04-30 22:05 -------- d-----w- c:\users\Matthew\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 18:15 . 2012-03-31 16:36 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-21 18:15 . 2012-03-31 16:36 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-21 18:15 . 2012-03-31 16:36 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-30 21:29 . 2010-07-12 20:19 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-01 06:46 . 2012-04-12 04:41 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 04:41 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 04:41 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 04:41 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 04:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 04:41 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 04:41 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:39 . 2012-04-11 21:53 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-11 21:53 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-11 21:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-11 21:53 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-24 19:33 . 2011-05-14 19:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"HostManager"="c:\program files (x86)\Common Files\AOL\1279066513\ee\AOLSoftware.exe" [2010-03-08 41800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
procexp64 - Shortcut.lnk - m:\mip\Matthews Documents\Add-ons for 8100\Process Explorer v12\procexp64.exe [2010-7-12 972104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-1-6 267576]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-7-1 50688]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120522.001\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.25.200.200 75.75.76.76 75.75.75.75
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Citrix - c:\users\Matthew\AppData\Local\CrashDumps\Citrix\huehul.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-05-22 20:15:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 00:15
.
Pre-Run: 581,390,520,320 bytes free
Post-Run: 580,849,405,952 bytes free
.
- - End Of File - - 8BBE00D26C30744145787F56E9DFB431
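The ComboFix log above lists every autostart location it enumerated (Run keys, Startup folders, services and drivers) and, under ORPHANS REMOVED, a Run entry that pointed into a CrashDumps folder under the user's profile. As an added example (editor's code, not part of this thread and not ComboFix's own logic), the script below parses Run-value and service lines in ComboFix's report format and flags entries that launch from user-writable locations or whose Run value points at something other than an executable. The sample text is constructed from lines in the log above; the "Citrix" Run line and its bracketed date/size are constructed from the orphan entry ComboFix reported removing, and the two heuristics are ordinary analyst rules of thumb, not what gringo looked for.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section.
# Sidebar, AOL Fast Start, SessionLauncher and N360 are copied from the log in
# this thread; the "Citrix" Run line is constructed from the orphan entry that
# ComboFix removed, and its "[2012-05-18 0]" bracket is a placeholder.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
"Citrix"="c:\users\Matthew\AppData\Local\CrashDumps\Citrix\huehul.dll" [2012-05-18 0]
.
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
'''

# "Name"="path" [date size]   -> a Run value as ComboFix prints it
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
# R2 name;description;path [date size] or [x] -> a service/driver line
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)(?: \[.*\])?$')

# Locations an ordinary user can write to; an autostart entry living there
# deserves a closer look than one under Program Files or System32.
USER_WRITABLE_MARKERS = ("c:\\users\\", "c:\\documents and settings\\", "\\temp\\", "\\tmp\\")
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd")


@dataclass
class AutostartEntry:
    kind: str   # "run" or "service"
    name: str
    path: str


def parse_entries(text: str) -> list[AutostartEntry]:
    """Extract Run values and service lines from ComboFix-style report text."""
    entries: list[AutostartEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(AutostartEntry("run", m["name"], m["path"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(AutostartEntry("service", m["name"], m["path"]))
    return entries


def suspicious_reasons(entry: AutostartEntry) -> list[str]:
    """Return the heuristic reasons (possibly none) an entry merits review."""
    reasons: list[str] = []
    p = entry.path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("launches from a user-writable location")
    # A Run value is executed as a command line; a bare .dll there is unusual,
    # since a DLL needs a host such as rundll32 to run at all.
    if entry.kind == "run" and not p.endswith(EXECUTABLE_EXTS):
        reasons.append("Run value does not point at an executable")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map entry name -> reasons, keeping only entries that were flagged."""
    return {e.name: r for e in parse_entries(text) if (r := suspicious_reasons(e))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, only the CrashDumps "Citrix" value and the Temp-resident SessionLauncher service are flagged; the Sidebar, AOL and Norton entries pass both checks. A flag is a prompt to inspect the file, not a verdict: legitimate updaters and portable applications also live under the profile.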

#8 gringo_pr


Posted 22 May 2012 - 07:35 PM

Restart the computer and let me know how things are doing.


gringo

#9 MIP31415


Posted 22 May 2012 - 09:42 PM

Just got back in; had to run out for a moment. I didn't do the scan in Safe Mode; it ran all the way through the first time.

Do you still want me to restart now like normal and let it boot all the way up, or run the scan again in safe mode?

#10 MIP31415


Posted 22 May 2012 - 11:04 PM

I took a chance and restarted the computer. It seems to be running fine (and a lot faster). All Norton protections have been turned back on. I've worked with IE a few times and it doesn't seem to be redirecting at all.

THANK YOU!!!!!!

A few questions if I may:
* The "Illegal operation attempted on a registry key that has been marked for deletion" is normal?!? A bit scary I might add!

* What exactly did you see in the logs? What was wrong and what needed to be corrected/removed/restored? What do you look for?

I am very curious about what went on, and what you saw/did:
* What exactly was the redirect problem? Virus, root drive problems, registry issues, JavaScript issues....

* How can I prevent this? I use Norton and other malware detection systems. Are there better systems, something I missed, et cetera?

* What does ComboFix do??

* What can I change to not have this happen again?

If you have the time, I'd love some answers to the above questions. I am very curious/interested in what you saw/did.

Thanks again!!!
Matthew

#11 gringo_pr


Posted 23 May 2012 - 08:25 AM

Greetings

I can't get into what ComboFix does (we need all the advantages against the bad guys we can keep). Now, what was in the reports doesn't show much, and about preventing this I will get into a little bit later. For now I am going to check a few more things to make sure nothing is hiding.

Oh, and that error happens enough that if you check my instructions, I do mention it and what to do.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
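Both tools requested above look below the file system: TDSSKiller begins its log with a drive and MBR partition inventory before it walks the driver list, and aswMBR reads the boot sector directly. The rootkit family TDSSKiller is named for is known to keep its components in unpartitioned space past the last partition, so one thing an analyst checks in those inventory lines is how many sectors lie outside any partition. The script below is an added example written for this page, not TDSSKiller's own code; it parses the Drive and Partition lines copied from the log posted in the next reply and reports the unpartitioned sectors before, between and after the partitions on each disk. The few thousand sectors of trailing slack it finds on all three disks is ordinary alignment, which is the baseline worth knowing before a scanner flags something in that region.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Drive and partition lines copied from the TDSSKiller 2.7.37.0 log in this thread.
SAMPLE_LOG = r'''
09:30:15.0952 5312 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:30:15.0952 5312 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:30:15.0984 5312 Drive \Device\Harddisk6\DR6 - Size: 0x951CC0000 (37.28 Gb), SectorSize: 0x200, Cylinders: 0x1302, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:30:15.0999 5312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x177000
09:30:15.0999 5312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19E800, BlocksNum 0x4A6B9000
09:30:15.0999 5312 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
09:30:15.0999 5312 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A8D043
'''

HEX = r"0x[0-9A-Fa-f]+"
# "Drive \Device\HarddiskN\DRN - Size: <bytes> (...), SectorSize: <bytes>, ..."
DRIVE_RE = re.compile(
    rf"Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: (?P<size>{HEX}) .*?SectorSize: (?P<ss>{HEX})"
)
# "\Device\HarddiskN\DRN\PartitionM: MBR, Type 0x7, StartLBA <lba>, BlocksNum <count>"
PART_RE = re.compile(
    rf"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: MBR, Type (?P<type>{HEX}), "
    rf"StartLBA (?P<start>{HEX}), BlocksNum (?P<blocks>{HEX})"
)


@dataclass
class Disk:
    device: str
    total_sectors: int
    # (start_lba, sector_count) for each MBR partition, in log order
    partitions: list[tuple[int, int]] = field(default_factory=list)


def parse_disks(text: str) -> dict[str, Disk]:
    """Build a Disk per Drive line and attach its Partition lines."""
    disks: dict[str, Disk] = {}
    for line in text.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            size_bytes, sector_size = int(m["size"], 16), int(m["ss"], 16)
            disks[m["dev"]] = Disk(m["dev"], size_bytes // sector_size)
            continue
        m = PART_RE.search(line)
        if m and m["dev"] in disks:
            disks[m["dev"]].partitions.append((int(m["start"], 16), int(m["blocks"], 16)))
    return disks


def unpartitioned_sectors(disk: Disk) -> dict[str, int]:
    """Sectors not covered by any partition: before the first, between, after the last."""
    parts = sorted(disk.partitions)
    if not parts:
        return {"leading": disk.total_sectors, "between": 0, "trailing": 0}
    leading = parts[0][0]
    between = sum(parts[i + 1][0] - (parts[i][0] + parts[i][1]) for i in range(len(parts) - 1))
    last_end = parts[-1][0] + parts[-1][1]
    return {"leading": leading, "between": between, "trailing": disk.total_sectors - last_end}


def trailing_slack(text: str) -> dict[str, int]:
    """Device -> sectors after the last partition, the region a bootkit would favour."""
    return {dev: unpartitioned_sectors(d)["trailing"] for dev, d in parse_disks(text).items()}


if __name__ == "__main__":
    for dev, disk in parse_disks(SAMPLE_LOG).items():
        gaps = unpartitioned_sectors(disk)
        print(f"{dev}: {disk.total_sectors} sectors, "
              f"leading {gaps['leading']}, between {gaps['between']}, trailing {gaps['trailing']}")
```

On the thread's disks this yields 2736 trailing sectors (about 1.3 MB) on each of the two internal drives and 5502 on the third, with the two partitions on Harddisk0 packed back to back. The leading gap on Harddisk0 (0x27800 sectors) is larger than the 2048-sector alignment seen on Harddisk1, which is worth noting but not alarming by itself; what the inventory cannot tell you is what those sectors contain, which is exactly why the scanner reads them.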

#12 MIP31415


Posted 23 May 2012 - 11:23 AM

I understand. I was curious as to what you look for or scan for in the results, and I get why you don't want to say so! (From the intellectual part of my brain, it is interesting.)

And I did see that note in your post, but it sounded like that happens during the running of ComboFix, not after. Sorry about that.

The computer seems to be fine (and a lot faster). I'll watch it closely for a while (I'm gone most of the rest of today, however).

As to your requests:
TDSSKiller was updated today (version: 2.7.37.0).
aswMBR was downloaded and run as well. The logs are below.

---------------------------
TDSSKiller:

09:30:14.0798 5312 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
09:30:15.0484 5312 ============================================================
09:30:15.0484 5312 Current date / time: 2012/05/23 09:30:15.0484
09:30:15.0484 5312 SystemInfo:
09:30:15.0484 5312
09:30:15.0484 5312 OS Version: 6.1.7601 ServicePack: 1.0
09:30:15.0484 5312 Product type: Workstation
09:30:15.0484 5312 ComputerName: MIP-DESKTOP8100
09:30:15.0484 5312 UserName: Matthew
09:30:15.0484 5312 Windows directory: C:\Windows
09:30:15.0484 5312 System windows directory: C:\Windows
09:30:15.0484 5312 Running under WOW64
09:30:15.0484 5312 Processor architecture: Intel x64
09:30:15.0484 5312 Number of processors: 4
09:30:15.0484 5312 Page size: 0x1000
09:30:15.0484 5312 Boot type: Normal boot
09:30:15.0484 5312 ============================================================
09:30:15.0952 5312 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:30:15.0952 5312 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:30:15.0984 5312 Drive \Device\Harddisk6\DR6 - Size: 0x951CC0000 (37.28 Gb), SectorSize: 0x200, Cylinders: 0x1302, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:30:15.0999 5312 ============================================================
09:30:15.0999 5312 \Device\Harddisk0\DR0:
09:30:15.0999 5312 MBR partitions:
09:30:15.0999 5312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x177000
09:30:15.0999 5312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19E800, BlocksNum 0x4A6B9000
09:30:15.0999 5312 \Device\Harddisk1\DR1:
09:30:15.0999 5312 MBR partitions:
09:30:15.0999 5312 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
09:30:15.0999 5312 \Device\Harddisk6\DR6:
09:30:15.0999 5312 MBR partitions:
09:30:15.0999 5312 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A8D043
09:30:15.0999 5312 ============================================================
09:30:16.0015 5312 C: <-> \Device\Harddisk0\DR0\Partition1
09:30:16.0514 5312 F: <-> \Device\Harddisk6\DR6\Partition0
09:30:16.0530 5312 M: <-> \Device\Harddisk1\DR1\Partition0
09:30:16.0530 5312 ============================================================
09:30:16.0530 5312 Initialize success
09:30:16.0530 5312 ============================================================
09:30:21.0319 6076 ============================================================
09:30:21.0319 6076 Scan started
09:30:21.0319 6076 Mode: Manual;
09:30:21.0319 6076 ============================================================
09:30:21.0693 6076 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:30:21.0693 6076 1394ohci - ok
09:30:21.0756 6076 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:30:21.0756 6076 ACPI - ok
09:30:21.0802 6076 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:30:21.0802 6076 AcpiPmi - ok
09:30:21.0912 6076 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
09:30:21.0912 6076 AdobeActiveFileMonitor7.0 - ok
09:30:22.0005 6076 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:30:22.0036 6076 adp94xx - ok
09:30:22.0083 6076 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:30:22.0099 6076 adpahci - ok
09:30:22.0146 6076 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:30:22.0161 6076 adpu320 - ok
09:30:22.0192 6076 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:30:22.0192 6076 AeLookupSvc - ok
09:30:22.0270 6076 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:30:22.0286 6076 AFD - ok
09:30:22.0333 6076 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:30:22.0333 6076 agp440 - ok
09:30:22.0364 6076 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:30:22.0380 6076 ALG - ok
09:30:22.0411 6076 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:30:22.0411 6076 aliide - ok
09:30:22.0426 6076 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:30:22.0426 6076 amdide - ok
09:30:22.0458 6076 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:30:22.0473 6076 AmdK8 - ok
09:30:42.0363 6076 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
09:30:42.0379 6076 RoxMediaDB10 - ok
09:30:42.0410 6076 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:30:42.0410 6076 RpcEptMapper - ok
09:30:42.0441 6076 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:30:42.0441 6076 RpcLocator - ok
09:30:42.0504 6076 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:30:42.0504 6076 RpcSs - ok
09:30:42.0566 6076 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:30:42.0582 6076 rspndr - ok
09:30:42.0582 6076 RxFilter - ok
09:30:42.0628 6076 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:30:42.0628 6076 SamSs - ok
09:30:42.0675 6076 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:30:42.0691 6076 sbp2port - ok
09:30:42.0722 6076 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:30:42.0722 6076 SCardSvr - ok
09:30:42.0753 6076 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:30:42.0769 6076 scfilter - ok
09:30:42.0894 6076 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:30:42.0909 6076 Schedule - ok
09:30:42.0956 6076 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:30:42.0956 6076 SCPolicySvc - ok
09:30:43.0003 6076 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:30:43.0018 6076 SDRSVC - ok
09:30:43.0128 6076 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
09:30:43.0128 6076 SeaPort - ok
09:30:43.0190 6076 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:30:43.0190 6076 secdrv - ok
09:30:43.0221 6076 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:30:43.0221 6076 seclogon - ok
09:30:43.0268 6076 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:30:43.0268 6076 SENS - ok
09:30:43.0284 6076 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:30:43.0284 6076 SensrSvc - ok
09:30:43.0299 6076 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:30:43.0299 6076 Serenum - ok
09:30:43.0330 6076 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:30:43.0346 6076 Serial - ok
09:30:43.0393 6076 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:30:43.0393 6076 sermouse - ok
09:30:43.0455 6076 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:30:43.0455 6076 SessionEnv - ok
09:30:43.0486 6076 SessionLauncher - ok
09:30:43.0518 6076 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:30:43.0518 6076 sffdisk - ok
09:30:43.0533 6076 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:30:43.0533 6076 sffp_mmc - ok
09:30:43.0533 6076 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:30:43.0533 6076 sffp_sd - ok
09:30:43.0549 6076 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:30:43.0549 6076 sfloppy - ok
09:30:43.0611 6076 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:30:43.0611 6076 SharedAccess - ok
09:30:43.0674 6076 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:30:43.0674 6076 ShellHWDetection - ok
09:30:43.0705 6076 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:30:43.0705 6076 SiSRaid2 - ok
09:30:43.0720 6076 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:30:43.0736 6076 SiSRaid4 - ok
09:30:43.0767 6076 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:30:43.0767 6076 Smb - ok
09:30:43.0814 6076 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:30:43.0814 6076 SNMPTRAP - ok
09:30:43.0830 6076 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:30:43.0830 6076 spldr - ok
09:30:43.0876 6076 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:30:43.0892 6076 Spooler - ok
09:30:44.0188 6076 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:30:44.0220 6076 sppsvc - ok
09:30:44.0329 6076 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:30:44.0344 6076 sppuinotify - ok
09:30:44.0469 6076 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
09:30:44.0485 6076 SRTSP - ok
09:30:44.0500 6076 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
09:30:44.0500 6076 SRTSPX - ok
09:30:44.0563 6076 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:30:44.0578 6076 srv - ok
09:30:44.0625 6076 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:30:44.0625 6076 srv2 - ok
09:30:44.0672 6076 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:30:44.0672 6076 srvnet - ok
09:30:44.0719 6076 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:30:44.0719 6076 SSDPSRV - ok
09:30:44.0734 6076 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:30:44.0734 6076 SstpSvc - ok
09:30:44.0797 6076 Stereo Service (bad795e567a323481813c88db8bc8fdf) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:30:44.0797 6076 Stereo Service - ok
09:30:44.0828 6076 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:30:44.0828 6076 stexstor - ok
09:30:44.0922 6076 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:30:44.0922 6076 stisvc - ok
09:30:44.0984 6076 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
09:30:45.0000 6076 stllssvr - ok
09:30:45.0031 6076 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:30:45.0031 6076 swenum - ok
09:30:45.0078 6076 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:30:45.0109 6076 swprv - ok
09:30:45.0187 6076 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
09:30:45.0202 6076 SymDS - ok
09:30:45.0312 6076 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
09:30:45.0327 6076 SymEFA - ok
09:30:45.0390 6076 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:30:45.0405 6076 SymEvent - ok
09:30:45.0468 6076 SymIM (b681d1b0f9596684225dcc9b94c6bacf) C:\Windows\system32\DRIVERS\SymIMv.sys
09:30:45.0468 6076 SymIM - ok
09:30:45.0514 6076 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
09:30:45.0514 6076 SymIRON - ok
09:30:45.0577 6076 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
09:30:45.0592 6076 SymNetS - ok
09:30:45.0764 6076 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:30:45.0780 6076 SysMain - ok
09:30:45.0904 6076 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:30:45.0920 6076 TabletInputService - ok
09:30:45.0967 6076 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:30:45.0982 6076 TapiSrv - ok
09:30:45.0998 6076 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:30:46.0014 6076 TBS - ok
09:30:46.0216 6076 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:30:46.0232 6076 Tcpip - ok
09:30:46.0466 6076 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:30:46.0482 6076 TCPIP6 - ok
09:30:46.0575 6076 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:30:46.0591 6076 tcpipreg - ok
09:30:46.0606 6076 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:30:46.0606 6076 TDPIPE - ok
09:30:46.0638 6076 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:30:46.0653 6076 TDTCP - ok
09:30:46.0684 6076 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:30:46.0700 6076 tdx - ok
09:30:46.0747 6076 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:30:46.0762 6076 TermDD - ok
09:30:46.0825 6076 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:30:46.0840 6076 TermService - ok
09:30:46.0872 6076 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:30:46.0872 6076 Themes - ok
09:30:46.0903 6076 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:30:46.0903 6076 THREADORDER - ok
09:30:46.0918 6076 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:30:46.0918 6076 TrkWks - ok
09:30:46.0965 6076 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:30:46.0981 6076 TrustedInstaller - ok
09:30:47.0012 6076 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:30:47.0028 6076 tssecsrv - ok
09:30:47.0074 6076 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:30:47.0090 6076 TsUsbFlt - ok
09:30:47.0121 6076 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:30:47.0121 6076 tunnel - ok
09:30:47.0152 6076 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:30:47.0168 6076 uagp35 - ok
09:30:47.0230 6076 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:30:47.0230 6076 udfs - ok
09:30:47.0262 6076 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:30:47.0262 6076 UI0Detect - ok
09:30:47.0308 6076 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:30:47.0324 6076 uliagpkx - ok
09:30:47.0371 6076 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:30:47.0371 6076 umbus - ok
09:30:47.0402 6076 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:30:47.0402 6076 UmPass - ok
09:30:47.0449 6076 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:30:47.0449 6076 upnphost - ok
09:30:47.0480 6076 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
09:30:47.0496 6076 USBAAPL64 - ok
09:30:47.0558 6076 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
09:30:47.0558 6076 usbaudio - ok
09:30:47.0620 6076 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:30:47.0636 6076 usbccgp - ok
09:30:47.0667 6076 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:30:47.0683 6076 usbcir - ok
09:30:47.0714 6076 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:30:47.0714 6076 usbehci - ok
09:30:47.0761 6076 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:30:47.0776 6076 usbhub - ok
09:30:47.0808 6076 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:30:47.0808 6076 usbohci - ok
09:30:47.0839 6076 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:30:47.0839 6076 usbprint - ok
09:30:47.0854 6076 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:30:47.0870 6076 USBSTOR - ok
09:30:47.0886 6076 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:30:47.0886 6076 usbuhci - ok
09:30:47.0901 6076 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:30:47.0901 6076 UxSms - ok
09:30:47.0948 6076 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:30:47.0948 6076 VaultSvc - ok
09:30:47.0979 6076 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:30:47.0979 6076 vdrvroot - ok
09:30:48.0057 6076 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:30:48.0073 6076 vds - ok
09:30:48.0088 6076 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:30:48.0104 6076 vga - ok
09:30:48.0120 6076 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:30:48.0120 6076 VgaSave - ok
09:30:48.0166 6076 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:30:48.0182 6076 vhdmp - ok
09:30:48.0213 6076 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:30:48.0213 6076 viaide - ok
09:30:48.0260 6076 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:30:48.0276 6076 volmgr - ok
09:30:48.0338 6076 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:30:48.0338 6076 volmgrx - ok
09:30:48.0400 6076 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:30:48.0400 6076 volsnap - ok
09:30:48.0432 6076 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:30:48.0447 6076 vsmraid - ok
09:30:48.0603 6076 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:30:48.0650 6076 VSS - ok
09:30:48.0790 6076 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
09:30:48.0790 6076 vwifibus - ok
09:30:48.0853 6076 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:30:48.0868 6076 W32Time - ok
09:30:48.0900 6076 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:30:48.0900 6076 WacomPen - ok
09:30:48.0946 6076 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:30:48.0962 6076 WANARP - ok
09:30:48.0962 6076 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:30:48.0962 6076 Wanarpv6 - ok
09:30:48.0993 6076 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
09:30:48.0993 6076 wanatw - ok
09:30:49.0165 6076 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:30:49.0212 6076 WatAdminSvc - ok
09:30:49.0399 6076 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:30:49.0430 6076 wbengine - ok
09:30:49.0555 6076 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:30:49.0570 6076 WbioSrvc - ok
09:30:49.0633 6076 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:30:49.0633 6076 wcncsvc - ok
09:30:49.0648 6076 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:30:49.0664 6076 WcsPlugInService - ok
09:30:49.0695 6076 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:30:49.0695 6076 Wd - ok
09:30:49.0773 6076 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:30:49.0789 6076 Wdf01000 - ok
09:30:49.0804 6076 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:30:49.0804 6076 WdiServiceHost - ok
09:30:49.0820 6076 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:30:49.0820 6076 WdiSystemHost - ok
09:30:49.0867 6076 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:30:49.0882 6076 WebClient - ok
09:30:49.0914 6076 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:30:49.0914 6076 Wecsvc - ok
09:30:49.0929 6076 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:30:49.0945 6076 wercplsupport - ok
09:30:49.0976 6076 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:30:49.0976 6076 WerSvc - ok
09:30:50.0007 6076 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:30:50.0007 6076 WfpLwf - ok
09:30:50.0023 6076 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:30:50.0023 6076 WIMMount - ok
09:30:50.0116 6076 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:30:50.0132 6076 winachsf - ok
09:30:50.0163 6076 WinDefend - ok
09:30:50.0163 6076 WinHttpAutoProxySvc - ok
09:30:50.0226 6076 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:30:50.0241 6076 Winmgmt - ok
09:30:50.0444 6076 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:30:50.0460 6076 WinRM - ok
09:30:50.0631 6076 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:30:50.0647 6076 WinUsb - ok
09:30:50.0756 6076 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:30:50.0772 6076 Wlansvc - ok
09:30:51.0052 6076 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:30:51.0084 6076 wlidsvc - ok
09:30:51.0208 6076 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:30:51.0208 6076 WmiAcpi - ok
09:30:51.0271 6076 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:30:51.0286 6076 wmiApSrv - ok
09:30:51.0333 6076 WMPNetworkSvc - ok
09:30:51.0364 6076 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:30:51.0364 6076 WPCSvc - ok
09:30:51.0411 6076 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:30:51.0411 6076 WPDBusEnum - ok
09:30:51.0442 6076 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:30:51.0442 6076 ws2ifsl - ok
09:30:51.0458 6076 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:30:51.0458 6076 wscsvc - ok
09:30:51.0458 6076 WSearch - ok
09:30:51.0708 6076 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:30:51.0739 6076 wuauserv - ok
09:30:51.0879 6076 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:30:51.0879 6076 WudfPf - ok
09:30:51.0926 6076 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:30:51.0926 6076 WUDFRd - ok
09:30:51.0973 6076 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:30:51.0973 6076 wudfsvc - ok
09:30:52.0004 6076 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:30:52.0020 6076 WwanSvc - ok
09:30:52.0035 6076 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
09:30:52.0035 6076 XAudio - ok
09:30:52.0051 6076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:30:52.0347 6076 \Device\Harddisk0\DR0 - ok
09:30:52.0363 6076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
09:30:52.0363 6076 \Device\Harddisk1\DR1 - ok
09:30:52.0378 6076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
09:30:52.0378 6076 \Device\Harddisk6\DR6 - ok
09:30:52.0394 6076 Boot (0x1200) (f9763c6bc8df0a593e3a54c72aed5372) \Device\Harddisk0\DR0\Partition0
09:30:52.0394 6076 \Device\Harddisk0\DR0\Partition0 - ok
09:30:52.0410 6076 Boot (0x1200) (e93686f076ea5833734302e8adea22e4) \Device\Harddisk0\DR0\Partition1
09:30:52.0410 6076 \Device\Harddisk0\DR0\Partition1 - ok
09:30:52.0410 6076 Boot (0x1200) (8f819c102dbed74f2742c947a8e6d791) \Device\Harddisk1\DR1\Partition0
09:30:52.0410 6076 \Device\Harddisk1\DR1\Partition0 - ok
09:30:52.0425 6076 Boot (0x1200) (df896ae59f1f017313512eab784df937) \Device\Harddisk6\DR6\Partition0
09:30:52.0425 6076 \Device\Harddisk6\DR6\Partition0 - ok
09:30:52.0425 6076 ============================================================
09:30:52.0425 6076 Scan finished
09:30:52.0425 6076 ============================================================
09:30:52.0441 6036 Detected object count: 0
09:30:52.0441 6036 Actual detected object count: 0




-------------
aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 09:46:41
-----------------------------
09:46:41.187 OS Version: Windows x64 6.1.7601 Service Pack 1
09:46:41.187 Number of processors: 4 586 0x1E05
09:46:41.187 ComputerName: MIP-DESKTOP8100 UserName: Matthew
09:46:42.576 Initialize success
09:47:34.836 AVAST engine defs: 12051401
09:47:59.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
09:47:59.734 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
09:47:59.749 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
09:47:59.749 Disk 1 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
09:47:59.765 Disk 0 MBR read successfully
09:47:59.765 Disk 0 MBR scan
09:47:59.765 Disk 0 Windows 7 default MBR code
09:47:59.780 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
09:47:59.780 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 161792
09:47:59.796 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 609650 MB offset 1697792
09:47:59.827 Disk 0 scanning C:\Windows\system32\drivers
09:48:12.682 Service scanning
09:48:33.149 Modules scanning
09:48:33.664 Disk 0 trace - called modules:
09:48:33.679 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:48:33.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dce060]
09:48:33.679 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8004ab1050]
09:48:36.144 AVAST engine scan C:\Windows
09:48:41.245 AVAST engine scan C:\Windows\system32
09:51:41.146 AVAST engine scan C:\Windows\system32\drivers
09:51:56.605 AVAST engine scan C:\Users\Matthew
10:04:05.607 AVAST engine scan C:\ProgramData
10:08:15.516 Scan finished successfully
12:21:06.322 Disk 0 MBR has been saved successfully to "M:\MIP\Matthews Documents\Add-ons for 8100\Redirect Problems\aswMBR\MBR.dat"
12:21:06.322 The log file has been saved successfully to "M:\MIP\Matthews Documents\Add-ons for 8100\Redirect Problems\aswMBR\aswMBR log.txt"
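
The TDSSKiller log above is long, and the interesting parts are easy to miss by eye: which registered services have no binary on disk to hash, which binaries live outside the usual Windows or Program Files roots, and whether the boot-code hashes of the disks agree. The script below is an added triage example, not part of the original post and not TDSSKiller's own tooling. It parses lines in the three shapes the log uses (service/driver with MD5 and path, MBR/boot-sector with MD5 and device, and the bare "- ok" lines) and prints those three checks. The `EXPECTED_ROOTS` list is an assumption chosen for this Windows 7 box; the `ExampleSvc` line in the sample is constructed to show the path check firing and was not on the machine in this thread.

```python
import re
from collections import defaultdict

# The three line shapes TDSSKiller prints, taken from the log above.
# Sector lines must be tried first: a name regex would also swallow
# "MBR (0x1B8) (<md5>) \Device\..." if given the chance.
SECTOR_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+'
    r'(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+'
    r'\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\\Device\\\S+)$')
SERVICE_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+'
    r'(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$')
OK_RE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) - ok$')

# Assumption: anything loaded from outside these roots deserves a look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                  "c:\\program files (x86)\\")

# Constructed sample: lines copied from the log in this thread plus one
# synthetic anomaly (ExampleSvc) that was NOT on the machine.
SAMPLE_LOG = r"""
09:30:40.0663 6076 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:30:40.0678 6076 PlugPlay - ok
09:30:42.0582 6076 RxFilter - ok
09:30:43.0128 6076 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
09:30:43.0128 6076 SeaPort - ok
09:30:44.0797 6076 Stereo Service (bad795e567a323481813c88db8bc8fdf) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:30:44.0797 6076 Stereo Service - ok
09:30:50.0163 6076 WinDefend - ok
09:30:52.0036 6076 ExampleSvc (00000000000000000000000000000000) C:\Users\Public\example.sys
09:30:52.0036 6076 ExampleSvc - ok
09:30:52.0051 6076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:30:52.0347 6076 \Device\Harddisk0\DR0 - ok
09:30:52.0363 6076 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
09:30:52.0363 6076 \Device\Harddisk1\DR1 - ok
09:30:52.0378 6076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
09:30:52.0378 6076 \Device\Harddisk6\DR6 - ok
09:30:52.0394 6076 Boot (0x1200) (f9763c6bc8df0a593e3a54c72aed5372) \Device\Harddisk0\DR0\Partition0
09:30:52.0394 6076 \Device\Harddisk0\DR0\Partition0 - ok
09:30:52.0441 6036 Detected object count: 0
"""


def parse_tdsskiller(lines):
    """Split log lines into hashed services, hashed sectors and '- ok' names."""
    services, sectors, ok_names = [], [], set()
    for line in lines:
        line = line.rstrip()
        m = SECTOR_RE.match(line)
        if m:
            sectors.append(m.groupdict())
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = OK_RE.match(line)
        if m:
            ok_names.add(m.group("name"))
    return services, sectors, ok_names


def triage(lines):
    """Return the three checks worth reading before anything else in the log."""
    services, sectors, ok_names = parse_tdsskiller(lines)
    hashed = {s["name"] for s in services}
    devices = {s["dev"] for s in sectors}
    # Registered service with no file hashed: binary missing or service
    # disabled. Benign for WinDefend on a Norton box, but check each one.
    unhashed = sorted(ok_names - hashed - devices)
    # Binaries loaded from somewhere other than the expected roots.
    odd_paths = [(s["name"], s["path"]) for s in services
                 if not s["path"].lower().startswith(EXPECTED_ROOTS)]
    # Group disks by MBR boot-code hash (the 0x1B8 bytes before the disk
    # signature, so disks carrying the same stock boot code hash alike).
    by_hash = defaultdict(list)
    for s in sectors:
        if s["kind"] == "MBR":
            by_hash[s["md5"]].append(s["dev"])
    return {"unhashed": unhashed, "odd_paths": odd_paths,
            "mbr_groups": dict(by_hash)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    print("services registered but not hashed:", report["unhashed"])
    print("binaries outside expected roots:", report["odd_paths"])
    for md5, devs in report["mbr_groups"].items():
        print("MBR code", md5, "on", ", ".join(devs))
```

On the log in this thread the MBR grouping shows Harddisk0 and Harddisk1 sharing one boot-code hash while Harddisk6 differs. Because the 0x1B8-byte region TDSSKiller hashes stops before the disk signature and partition table, two disks written with the same stock boot code are expected to match; the cross-check is aswMBR's "Windows 7 default MBR code" verdict on Disk 0 below. A boot disk whose hash differs from the stock code, or a service binary under a user profile or temp directory, is what would warrant a closer look.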

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 AM

Posted 23 May 2012 - 11:45 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 MIP31415

MIP31415
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Local time:10:26 AM

Posted 24 May 2012 - 10:37 AM

A bit swamped at work. I will get to this ASAP.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 AM

Posted 24 May 2012 - 11:44 AM

Don't worry, work comes first. I will check on you in a few days; if you have not come back, just respond to that and it will not get closed.


gringo