
Infected Happili User


14 replies to this topic

#1 Yu Yu


Posted 18 April 2012 - 08:38 AM

Hey Bleepers,
It looks like I am infected with the happili virus. I've tried to follow some of the removal steps that I've found around the web. I ran a Malwarebytes quick scan which removed some stuff (see first log attached), but I continued to get linked to happili pages from Google searches. I then conducted a Malwarebytes full scan that found nothing else that was fishy.
I've taken the steps outlined in the prep guide, including enabling a firewall and conducting a whole bunch of scans. I've attached logs of those scans below. I really appreciate any help that folks can give me. I'll be at this machine and able to respond until noon Eastern time today, and all of the work day (9-5 Eastern) tomorrow.
With Love and Peace,
Joey



#2 gringo_pr

  • Malware Response Team

Posted 18 April 2012 - 11:44 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Yu Yu


Posted 20 April 2012 - 11:07 AM

My apologies if this ends up posting twice:
I've had no problems in running these logs.
My computer is running fine - the only symptom of the virus is that top search results in Google often redirect to unwanted sites, particularly happili.
Below, I have pasted the log from ComboFix.
Thanks for the help.


ComboFix 12-04-20.03 - Neil 04/20/2012 11:39:11.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2213 [GMT -4:00]
Running from: c:\users\Neil\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{11100FC0-3109-4C84-B60B-C3104671EDF9}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{29BAB65C-E92F-4B42-A58F-8E5CA9E08E67}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F40C996-085E-470C-93A4-7D5DE091565D}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3AEF4CDE-BE73-4A1B-8A81-C3CEF766D4B0}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3F0CFC68-BB4C-44F6-BE58-94DEDA3E1175}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{41B78485-8935-4AAA-AA99-28B046CB6092}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{505A3AE4-EE3E-4484-8462-B0E5AFE3D29C}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5CC8A7EF-ADB8-4125-B153-47989483C14B}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{91394127-9D8F-46DB-91D3-16A55EE0318D}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{91A41DC5-1855-4A6D-8C77-00943AC0EE36}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD72D4C8-1B13-4F84-909D-A8CE86A90889}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DAD32EF9-12D2-4E3B-95DA-B189A87B2F84}.xps
c:\users\Neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E733B2DA-BEB2-4870-9032-D8222367F187}.xps
c:\users\Neil\AppData\Local\NVIDIA Corporation\hrbtytgh.dll
c:\users\Neil\AppData\Local\Temp\4681.tmp
c:\users\Neil\AppData\Local\Temp\lapro.dll
c:\windows\system32\regobj.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 15:45 . 2012-04-20 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 14:35 . 2012-04-17 14:35 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2012-04-17 14:35 . 2012-04-17 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-17 14:35 . 2012-04-17 14:35 -------- d-----w- c:\programdata\Malwarebytes
2012-04-17 14:35 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-17 14:20 . 2012-04-17 14:20 -------- d-----w- c:\program files\SpywareBlaster
2012-04-14 17:24 . 2012-04-20 15:44 -------- d-----w- c:\users\Neil\AppData\Local\NVIDIA Corporation
2012-04-13 14:16 . 2012-04-13 14:16 -------- d-----w- c:\users\Neil\AppData\Local\{3403BCDD-8573-11E1-826D-B8AC6F996F26}
2012-04-12 20:19 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:18 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 20:18 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 14:30 . 2012-04-12 14:30 -------- d-----w- c:\users\Neil\PycharmProjects
2012-04-12 14:29 . 2012-04-12 14:29 -------- d-----w- c:\users\Neil\.PyCharm20
2012-04-12 14:29 . 2012-04-12 14:29 -------- d-----w- c:\program files\JetBrains
2012-04-10 18:48 . 2012-04-10 18:48 -------- d-----w- c:\users\Neil\.idlerc
2012-04-06 16:49 . 2012-04-06 16:49 -------- d-----w- c:\programdata\ClubSanDisk
2012-04-05 13:10 . 2012-04-06 13:16 -------- d-----w- c:\windows\system32\drivers\NAV\1207010.003
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 20:16 . 2012-03-15 20:16 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-15 20:16 . 2012-03-15 20:16 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-15 20:16 . 2012-03-15 20:16 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-15 20:16 . 2012-03-15 20:16 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-15 20:16 . 2012-03-15 20:16 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-15 20:16 . 2012-03-15 20:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-15 20:16 . 2012-03-15 20:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-15 20:16 . 2012-03-15 20:16 367104 ----a-w- c:\windows\system32\html.iec
2012-03-15 20:16 . 2012-03-15 20:16 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-15 20:16 . 2012-03-15 20:16 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-15 20:16 . 2012-03-15 20:16 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-15 20:16 . 2012-03-15 20:16 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-15 20:16 . 2012-03-15 20:16 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-15 20:16 . 2012-03-15 20:16 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-15 20:16 . 2012-03-15 20:16 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-15 20:16 . 2012-03-15 20:16 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-15 20:16 . 2012-03-15 20:16 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-24 14:46 . 2012-02-24 14:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-15 12:42 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-15 12:42 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-15 12:42 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-15 12:42 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 17:35 . 2012-03-12 17:10 512472 ----a-w- c:\windows\system32\msxml.dll
2012-02-03 17:35 . 2012-03-12 17:10 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-02-03 03:54 . 2012-03-15 12:42 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-15 12:42 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-15 12:42 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-15 12:42 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2010-08-31 13:52 . 2010-08-31 13:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1261568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-27 178712]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896]
.
c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Neil\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c986423489bf80;Google Update Service (gupdate1c986423489bf80);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAV\1007020.00B\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1207010.003\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1207010.003\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111018.030\IDSvix86.sys [2011-09-03 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1207010.003\SYMNETS.SYS [2011-04-21 299640]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2007-06-20 79168]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-02-03 793048]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 105592]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - ccHP
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 16:25]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:58]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:58]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855180975-4057031189-661084491-1000Core.job
- c:\users\Neil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 18:10]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3855180975-4057031189-661084491-1000UA.job
- c:\users\Neil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 18:10]
.
2012-04-18 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-03-12 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: 3rc.org\sharepoint
TCP: DhcpNameServer = 209.166.168.4 209.166.168.6
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\mpnk23vv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.3rc.org/fieldlinks.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn
FF - Ext: Translate This!: {3403BCDD-8573-11E1-826D-B8AC6F996F26} - c:\users\Neil\AppData\Local\{3403BCDD-8573-11E1-826D-B8AC6F996F26}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKCU-Run-ChicaPasswordManager - c:\program files\ChicaLogic\Chica Password Manager\stpass.exe
HKCU-Run-NVIDIA Corporation - c:\users\Neil\AppData\Local\NVIDIA Corporation\hrbtytgh.dll
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{4D8899F3-BEC7-46C4-942C-A6FB887289F7}"=""
"{6699A03B-ABF6-4D17-B9C6-CA878CBACDE0}"=""
"{9F7BB9F0-62C4-46D5-AE91-689327C44CAD}"=""
"{6664F550-9BFC-4C8C-8DD0-AF214C237C42}"=""
"{AADC0D8F-8D12-442F-8669-FFFD00560F67}"=""
"{E6B903F8-DD31-4451-A2A6-7F781BA2E4E7}"=""
"{4BA0E628-CEFA-4C59-AB8A-A36FA861D542}"=""
"{B3C59626-9879-4A9B-BF37-9C6E372F8894}"=""
"{60EB50A1-97F5-4C23-BE36-CCA234FED084}"=""
"{0B547B7C-48CA-447B-8505-9D51FFE653DD}"=""
"{003C1CDF-A170-40A4-AFC0-526AA117983E}"=""
"{CBE60FF2-0E19-45F5-9560-622EF9FAC36A}"=""
"{A56D7E44-C5FB-4A16-B651-0FE6F8CF5C9D}"=""
"{A4520846-5886-4B86-8417-2EF0FAA6554D}"=""
"{E3DD1A54-7885-4275-92D4-0963425BD103}"=""
"{BA0C8448-431E-4E5E-81DE-C5B78ADB9E87}"=""
"{3F1694D4-9974-4D38-8231-61DD39513BE5}"=""
"{D2C09503-DFB4-44B5-A162-4C30C7413F89}"=""
"{917A160E-8025-49ED-B197-DE56D9203C83}"=""
"{BC7070B1-46DE-4AE8-8041-72A2ABBF08F9}"=""
"{D8D7D068-E9B7-4BA8-956B-E0EFAD2DE5A8}"=""
"{8C283840-106F-4187-93C2-704074D76326}"=""
"{825B8D64-C6F1-44C9-852E-E119FF9CB3D8}"=""
"{E9DEC1E5-08CD-49E2-B6A6-B4EBBBB46621}"=""
"{71AC3804-11BD-4E58-9B71-9E7C2FF1992E}"=""
"{C827D29A-46CF-4F1C-9395-D0BDC4A9B01A}"=""
"{F4E2201D-4AA9-490F-AABE-AA9209CFC5BD}"=""
"{892B8A9A-E70A-4AB9-8C9D-447C1AEF2BB9}"=""
"{B7FFFD47-0377-4C88-AA65-A1D42FFCB538}"=""
"{9F93518A-0551-4A43-AEBA-BEB50C0622D4}"=""
"{B0159AB4-F3A7-46B0-A55F-7DC49FA7D909}"=""
"{60C55250-87B7-419D-A720-8A086D836B98}"=""
"{6B6E08A9-7B8B-45F6-8063-DE2FACFED21B}"=""
"{448B62EB-2220-4A78-9B92-F350C68AF6AA}"=""
"{3027E106-F1A4-4CAF-90F1-AF3F5CB53167}"=""
"{B318EDDB-3658-46AC-87D6-DBA8F1DEC47B}"=""
"{ABD43599-2458-4D20-87ED-7F67656E4978}"=""
"{74B8E960-A5FC-4530-8B89-CB3DF2021B8D}"=""
"{023D7DE0-A8CA-4A75-BB7B-6EC1B09CFA1D}"=""
"{26EE9608-6554-4765-970E-7C85ED077126}"=""
"{CDFC7682-5A26-46C9-A6FF-4F7CCD4FB720}"=""
"{DC9855A2-266E-4EE6-8158-19CF821B8D63}"=""
"{2CF552CB-92CC-48CC-BC5B-6E146F1C1920}"=""
"{82B5804F-DA12-4301-9F2F-3BA37812BE28}"=""
"{9F60D78C-9DB1-4150-A5A9-9BF52FC5794E}"=""
"{09791268-3063-4DE3-B6D5-3CA9EFB149D6}"=""
"{3EFB3975-63C5-4474-A93E-D4402D19319B}"=""
"{6F1A6260-6335-4CC4-804E-CF9259706B64}"=""
"{4D16162C-2362-4BF3-B5CA-9120E89F2D0D}"=""
"{55C5FE73-6A82-4A00-93E8-5FFA2AF1EAB2}"=""
"{6845D938-7681-49C0-97B9-3DC8D81E39E7}"=""
"{B429DD42-B8B6-455A-95EF-9859F7DA5A89}"=""
"{110D77C4-33F5-4B48-81DA-E508AED279E8}"=""
"{980EFE96-3A33-48EA-AFB8-5B4175F4913C}"=""
"{6F1760CE-7282-49D2-B02B-2712FDD8EEF2}"=""
"{4D5B5FD5-47F0-43F5-BB86-7945DDFEE0D0}"=""
"{75D759E5-811E-46DA-955C-B76A20072D81}"=""
"{9658660F-0A5B-4EB5-9F87-333F2270F6D3}"=""
"{F5B9856B-EE4E-4F79-9C0B-0C727E0889A2}"=""
"{C3F59212-9EFE-438E-BEA3-D5F9FA2A1893}"=""
"{99010F0E-F7C9-4216-AAB1-222691C518D3}"=""
"{255EE594-53C3-4641-BC21-086F245A1FA2}"=""
"{9C033261-9D27-4BF1-B59A-0C0D01F7333D}"=""
"{BBD6B509-E070-4581-BEC3-250808F56263}"=""
"{13A186F9-2C92-4EB1-82E5-092248500090}"=""
"{B2AE46DA-29A2-4DA4-95FA-0B10AC13288C}"=""
"{701860E4-B268-4BDD-8D25-373FD6F15532}"=""
"{1E5F84B3-B867-49B9-A700-E86453CFA83D}"=""
"{61F40D60-D010-44E8-BEA8-CBA5D83D3285}"=""
"{CF1D0B51-E6D7-4B38-AC2F-DF981A5AB493}"=""
"{90E44415-7CB2-4A17-9EBE-ABAE42D294AA}"=""
"{C167F0BE-3143-4286-82F1-E6841A7055CF}"=""
"{4EB1EF58-3175-4FD9-9DD2-8DD2899C4B52}"=""
"{C0E001F2-62AB-41E1-AE22-82C5C595C655}"=""
"{1681F0C9-71FE-4E60-BF49-218915E692D5}"=""
"{0627299A-30C9-4F60-ADFE-890DE5D20B7C}"=""
"{0027F812-627E-4F59-9F77-2D2294F80910}"=""
"{E7FA0DA8-D2FF-48CA-A2E9-69BF479F81F0}"=""
"{A1917A39-970F-45AA-A8BE-9F6F2F891662}"=""
"{82B7FDBE-0F21-4132-86C9-2F9484B9CCF7}"=""
"{E6ADF336-6690-4EA3-880A-A1012BDC22F1}"=""
"{3AA55EF2-320F-4663-8C37-87874417BA97}"=""
"{DF3EC552-333B-42C5-A576-94F1F32D8B45}"=""
"{9A15FD6A-CA57-41A0-9C82-43DDAB05E01F}"=""
"{8D128C96-8AB6-46AA-A835-BF4AD19ACD5A}"=""
"{DF01E3F3-80A8-446B-A49A-385A61A537AB}"=""
"{E2C677D2-77E8-4A5E-94DE-31797B436293}"=""
"{3A21AC41-309D-407B-98A7-835F1AD26347}"=""
"{C72B5CD3-6B4E-49DD-8B55-1950F3BC2E1B}"=""
"{DCA5EA86-EADB-4711-ADD8-FD430677228F}"=""
"{B5344FAB-7CF1-4076-B606-80DA06830E15}"=""
"{BD53CF1F-11AF-4890-B95B-D0AB974F738D}"=""
"{A6F9F244-DAED-484C-845C-B503396590D4}"=""
"{8111ECF8-D982-437D-B724-215E787E1FB0}"=""
"{F2E44A2D-C4ED-4C03-81A4-C43870C906DF}"=""
"{7CFF9C31-46A0-4B12-BC9C-74F5AE76C9F4}"=""
"{614F6B93-7D06-4387-94DB-BEC954A17850}"=""
"{F92E0664-8536-4712-BE98-DECDC94FB001}"=""
"{71F274FC-35D7-42D5-B0A3-B7D759CA00B6}"=""
"{30D3E731-DCFC-4796-BCB4-0C9628F2AC8A}"=""
"{FD70CFF1-19E4-4D29-839D-6F74E049A05B}"=""
"{3F2E61BA-4C43-4585-8A9F-D8D06BB51036}"=""
"{A4178038-802E-41C3-83DB-93A4BCC7CB13}"=""
"{E01F7282-16CB-4ED3-B5D5-B3BCAF9F34DD}"=""
"{CF412088-9991-4693-9CBE-A84E0E167911}"=""
"{8F1ED8CA-CE4D-40A6-AF91-47F3F7B8271C}"=""
"{927B8E98-B084-4803-A94E-14BA4F97A0C4}"=""
"{D36443C3-B670-4926-9043-FC22CD3DD492}"=""
"{34957E69-2198-4ED3-9503-A5AF136B46EE}"=""
"{54CCF7FA-4FC1-4741-869E-0ECCDB1EDEA7}"=""
"{4848CFEC-9799-4698-8C92-B036D659CA9B}"=""
"{7DEE6D9B-1935-4AEA-9F73-E7703CA34309}"=""
"{3B845762-BEE9-440A-8B8A-12623AFA1214}"=""
"{D8D60E9A-583F-4A9B-A9C5-202762FA9C64}"=""
"{66BAB7B9-BD50-4D2F-ADC9-836BFBF2667E}"=""
"{57F9D210-2BB1-4883-9EE8-1C25C578367A}"=""
"{085A6574-601F-4950-80C3-0FEFCDBB8456}"=""
"{8ECECE2D-1994-4A8F-A527-F5C02C4EC890}"=""
"{BB0ADECF-7134-486B-827A-C4F80B81CCE8}"=""
"{E29FCFDA-8571-4D5A-A798-6B5536C8D9F3}"=""
"{E1BF8773-64CD-48A6-8178-154C8E87368D}"=""
"{F94C8471-2250-4A37-AAC7-C043A89E8076}"=""
"{DFBDBA27-A797-4C3A-898A-C5AD3DA43161}"=""
"{ECDE15D4-AD16-4A90-A862-27C371541313}"=""
"{B1CB6309-EAD7-4E14-8CAD-AA81A568ED52}"=""
"{BD6FC2F0-E75A-4433-A7FB-98765022C7B9}"=""
"{28FA111B-2DAB-401C-92F1-C3788EEBD0E8}"=""
"{ED740466-46A0-42EA-A859-5BC125EF5CA7}"=""
"{1E76507A-4598-47D2-95A6-E5B0AB7E77AD}"=""
"{35F84B01-F9B7-40F2-99FE-C00CD760AF8E}"=""
"{A986C0F2-283F-4B04-8229-3BB31E6C4467}"=""
"{8060133B-ADF7-47D8-B301-7D3E0ACA1257}"=""
"{9EB013CA-4B69-43B8-8689-EA549EBC9A38}"=""
"{E091E2F0-DA6B-4164-BF1C-FB0F0C362AE4}"=""
"{8D4F96DC-3406-442E-950B-618EEC16B2CC}"=""
"{001955DB-7C20-4D27-9447-67A6AFB207A8}"=""
"{F6BC0AA9-6209-4AD3-8D77-7E6FC4109F6A}"=""
"{805375C7-AD96-4388-B3A3-46607A7E203D}"=""
"{0E29F88D-A08D-4377-8D23-C5BA5C59E72E}"=""
"{FC834618-8B6E-4164-BC93-FE906BA5EB85}"=""
"{0A20EC26-27F3-460A-A4A5-23F51F4E8214}"=""
"{2E79EF34-5187-4DF2-BC05-673BA3CD4C09}"=""
"{D78F7361-30B7-4079-B41E-F638BB830339}"=""
"{028DB19D-851D-4DDC-A55C-7528D83FEE8B}"=""
"{8F870810-866D-4A83-9B58-6E8B82D545F6}"=""
"{740D003C-0332-40D3-96B3-D217C0D896A2}"=""
"{41714C98-86C1-4927-BCDD-68A5E6A32560}"=""
"{A45EFB56-56F9-49B1-A01B-61D65817DF3D}"=""
"{F8979FA6-CE9D-408A-BBFD-67412AF849FA}"=""
"{52D0A632-DECE-460E-B1DB-FFA472649991}"=""
"{F0E8533D-174E-4A51-83DB-D697F04D0BC4}"=""
"{A58B7F3E-DA01-4006-850F-2EBE7A2B43B7}"=""
"{92196EE4-419F-46AA-9623-A6B6EF4F2E2B}"=""
"{8FD76323-CAB5-4D58-8EB2-A7C2A529CF92}"=""
"{95EF845F-1E74-4F94-9D27-38AD11404BCD}"=""
"{74880DA5-0962-47BB-B66E-AD461E66650B}"=""
"{1DD61542-7039-4F71-A50C-BDCAE1910CCF}"=""
"{CEA2F43C-F941-4595-A85E-F815C296A010}"=""
"{0DD09539-BC0B-47F0-8640-3DE40608AF30}"=""
"{ADB098D8-185D-40A5-927B-9165A24DD366}"=""
"{A1D4A3EF-78DB-432D-BC4E-1CFFFA2BEE1F}"=""
"{B9B4EC32-5956-4F6D-AB84-AEF3D020990B}"=""
"{529F585D-7A8E-4314-86E9-2A17E54BE5B5}"=""
"{5A4E7AEF-BAC7-4CA8-A773-BDF590DBBB8B}"=""
"{CF79ECAE-AE1F-471F-95F9-7EBF137400E6}"=""
"{DC266A0D-3B46-4842-B8B6-AEC8E75EF173}"=""
"{E1F2A306-2ABF-4ADD-B2B2-7EBE165CB231}"=""
"{48BED2D5-78DC-459F-A15F-BF1AD5AA509A}"=""
"{AFFE41FA-1963-4F04-BD8F-79F9D1175E9C}"=""
"{9F1EF66B-9442-46C6-B88A-F0E695C35C8A}"=""
"{9345F42F-9DC6-4B9C-9FE7-BFBC3ABD5924}"=""
"{779A2BE3-49DC-4D39-9149-043D134C1509}"=""
"{DD9B91B9-D175-4EA7-8A4A-708B79BF6504}"=""
"{B5F599FB-F59F-4D72-85E0-84954B1FBF46}"=""
"{AF53E788-A368-41E9-B6D7-2C5EDFC09DCD}"=""
"{A34663FE-0A00-4CE2-A3CF-2E7C87CA328E}"=""
"{13E66BFD-B82E-413D-B346-A47D9D37D7FE}"=""
"{13857B69-90AE-4893-B0C4-F29BE197940A}"=""
"{DB936779-CA31-4F50-9186-CDC23D6F8C62}"=""
"{70CAF147-447A-4EC6-BAE2-15ACA6A0679A}"=""
"{34F8E4D0-0AB0-4B22-9FCC-567D5A979E43}"=""
"{C2316F69-00EA-4420-8A58-D42175382031}"=""
"{0003AFA2-C334-4EC7-AD41-658A018D7516}"=""
"{66316257-E519-499C-B652-AAD998DA5753}"=""
"{31835FD0-C055-4067-B9E0-9388A1EBF460}"=""
"{F5B1933A-A50C-4C9D-81F9-73E596846F5F}"=""
"{DF45D1DB-7943-4B24-A4D5-DFB5EBD3DA13}"=""
"{4B36E2D2-EEC7-401F-BB17-420CF108F7FC}"=""
"{AEA97B70-05C1-4079-8C31-BBE312488CED}"=""
"{3FFDDF57-82B2-4602-AC82-6581C9742A9D}"=""
"{28A8B3F8-AA36-4EFD-8E12-5EB82BBBD400}"=""
"{741E2293-44EB-4F70-8045-E5FEED81590F}"=""
"{2EC6A2E6-8EBA-4BD5-AD6A-201A686E146D}"=""
"{06ADEC5F-1558-4B9A-9723-BE5431F168BB}"=""
"{8114E2FA-85CF-406A-8A48-10DBE0B7B615}"=""
"{B221F02D-5ACA-4A09-AE4D-93F55239EB43}"=""
"{60B5796C-0139-44C3-8E7A-FF9C048720C1}"=""
"{1700A363-59B7-4507-A47E-34860599EAD1}"=""
"{8342A9E6-153B-4FE5-AC27-824D6CC64C3A}"=""
"{E82562FD-AC14-4519-9C34-D34E44BB1FC9}"=""
"{0245F2DF-719B-42B5-A787-21F0687CC2B1}"=""
"{1BBEFC23-95BA-4BED-804F-19896B98C178}"=""
"{B2AE359E-4C61-44A9-BAEC-FC606DC15C8C}"=""
"{390CBF36-98B1-4F47-A177-9C4D0E408B37}"=""
"{865EB2F3-25CE-44A8-9B4F-4A2E5ABE6FBB}"=""
"{07DEA6E7-D2BF-4781-A3C3-FF34CDB7E5FD}"=""
"{2462113B-6426-4E80-A0D2-4E6B5673C6D6}"=""
"{97DBBA49-7308-4456-90E0-1C0B00BFEDFC}"=""
"{07071013-DD5B-442A-BB28-66C67244F588}"=""
"{DE2C3A7C-914A-4543-B39B-73B6D4EC4C6C}"=""
"{C65D908E-CF20-4541-9E15-562D438A549C}"=""
"{1EE46B75-0B2F-4A84-B47E-84F8CB07A43B}"=""
"{39B16301-E266-4D95-96BF-B49790686F89}"=""
"{CF55EFBB-37B1-4040-A4B8-4BDFDBEC1E2F}"=""
"{D602FD26-B788-4028-9E40-6093502EB172}"=""
"{8C6283D5-8034-45DC-8373-45F52AA0C958}"=""
"{E71B4A49-0E76-4CF3-8CC6-5B1BCB42FFB3}"=""
"{DA4C953A-D4D2-4C4C-8D88-451E32980182}"=""
"{4CB6CE32-1822-4BE9-B49A-F76FA118A6E8}"=""
"{3B6C6225-6541-4876-96C8-B0AA1EC43355}"=""
"{C2D8F422-D741-4742-BD91-0F54B7CF86FB}"=""
"{F88D6868-F476-42DD-A839-03B291D84CE2}"=""
"{944D33A8-B0BC-446B-BF22-28A2F7F8DD17}"=""
"{CE0B839F-EEB3-4AD9-99B6-003E83772B83}"=""
"{C12D2073-3858-4A20-B9B0-4BAC27944282}"=""
"{FAEF647D-B75B-4B4C-ABF8-A88054723977}"=""
"{C2DD4BAF-A73C-4BA0-B016-17B14FBFF065}"=""
"{65260C90-6D02-4560-B14E-2A9746B51786}"=""
"{54A84FA1-DB70-4216-94FD-93C4E436B6A1}"=""
"{637E96CD-13F9-487C-B717-56332D807CF8}"=""
"{4BA08D18-ECFE-48A4-A453-DEB7249F6794}"=""
"{72151107-9AD8-489F-AE51-511032888007}"=""
"{BB0BA701-4A22-4DAA-A158-05B3C5BC4158}"=""
"{616C75AA-F647-49E9-A6C1-A7B57A4D91AC}"=""
"{E782C861-E6B7-4719-994A-310508894B54}"=""
"{94F5DCED-61F6-49DC-A18A-445E41251D4D}"=""
"{C6D34B57-1795-4B46-8E41-EA6B59766778}"=""
"{7C23176F-10EB-4A27-B960-13E532D4FE1B}"=""
"{6D91EED4-D548-4AAA-8853-451BDBEAA43D}"=""
"{700065DC-E65C-4F40-82D2-3EBEFD21E543}"=""
"{D98D2E14-D0D3-4D40-B104-DC255D7821BA}"=""
"{AA2712F9-D4C9-4DCD-9B10-F513722D5A35}"=""
"{3C0991E5-8595-48C3-94E7-D3EC114D5435}"=""
"{3D731B75-8F4A-479F-B72B-C8D7DE81D2CE}"=""
"{8C577446-F69B-4CF4-B28F-33BFAB73F488}"=""
"{2FAC2786-E523-48F1-A964-D8C6322BDEC6}"=""
"{989E1A88-2343-480C-8078-DEC6BED4FEF8}"=""
"{5A6EBEC9-7EC6-4204-8802-810385A8190D}"=""
"{09A88260-6E8B-4696-A9D5-FD85D12EF2BC}"=""
"{C7F26776-B032-472B-A590-84F4FE34D673}"=""
"{4231DC8E-3172-469F-8955-5485EADCD64C}"=""
"{F1A7D2E9-60F6-4545-A472-F4D7A934655A}"=""
"{8E83C0CD-1F24-4640-8A01-C6392E7E4923}"=""
"{A1E1A3C5-B4CB-4B94-9D75-0A5FC03E00C4}"=""
"{002E2302-824D-4E37-AD30-CA1F518458DB}"=""
"{38900B9A-1883-48A8-A2A9-236CD01794BD}"=""
"{F753E569-A7E0-46D4-9937-D6F7508200C4}"=""
"{D8C68992-DD5E-4F4A-A302-D3196BCE79C7}"=""
"{D233BCA1-94B0-4D7A-A08D-F7F1B5674D94}"=""
"{3C47E248-9556-495D-95C6-2CF153FF12E8}"=""
"{5A9DE7E9-C202-4968-9D3A-C3748ED70031}"=""
"{05C9FEB2-5B36-435D-BDEE-009DC2EE5BA4}"=""
"{63D19F30-F631-4C7C-9C08-0B25803892C7}"=""
"{22796A41-2159-40A0-8EFB-89372EB89761}"=""
"{16EC9F12-B377-4C99-B6EB-BF1CEEB23877}"=""
"{9F274017-0373-494E-87DC-D5ACD1CCB4CA}"=""
"{FA3C4734-1C58-4470-9C26-7156C7964232}"=""
"{7A99430D-2317-4975-A7FE-17D289DF0DF0}"=""
"{AF8C6FFA-CF66-4FCD-8266-A17FD3ABE7CA}"=""
"{D6F6230B-DA36-4BBE-804D-AF4358C9B9A1}"=""
"{47FA269B-0740-44A3-9847-4402BF79486E}"=""
"{90E12DBA-5CC0-4064-86CF-E20800AB4FCD}"=""
"{F4FE4008-DF05-4BF3-B62F-7A9B87EF0466}"=""
"{A6D660AE-F773-453A-B2A5-89C9BB7B4312}"=""
"{5635DEC3-164A-47C1-9461-B33BB2163B08}"=""
"{932818F3-BCFC-4A8A-AD89-58E948E9DE7A}"=""
"{845A3824-BDC4-4A0D-80AE-865A62E818D8}"=""
"{B2153C9D-1A4D-46E7-8DA0-6092D6887D32}"=""
"{F95D2062-8115-422B-BBAC-3EF5D1A4A386}"=""
"{EA47D33C-4B2C-4407-B6D4-76EE9C2EDF4E}"=""
"{D2A43895-BDC1-4A55-A506-D7C9C8D9464A}"=""
"{C62C6846-67C6-4EE9-B0CA-44021F164AD4}"=""
"{4A0E5444-A28E-444A-B765-64368A0CB414}"=""
"{68FC7DCB-F22D-4876-B842-61744E8E2FB4}"=""
"{08D8D756-D94D-4EEC-A6E8-FCD609FF817A}"=""
"{E799EEF1-6E85-4E76-86CB-12EB76E0D6C1}"=""
"{58F7F8F8-E8EC-49BA-BAF1-BF9464E8F3BC}"=""
"{04E18EED-53E1-4C61-A3FC-632BB43DDC5F}"=""
"{16099500-9916-4A8A-BE7A-2943F8B953E9}"=""
"{3E35D2F7-44A1-4E6D-9707-3E4F6C39BBE0}"=""
"{577672AD-3DCD-478D-9B17-CBE8534B7A63}"=""
"{7358713F-6992-427F-927B-D8F6D5C56626}"=""
"{5A0EB9B9-3492-4094-8EA7-BA4871352DCD}"=""
"{5C222D86-7071-4584-9982-EA55865C8DEA}"=""
"{A47EDA86-7A6B-48EC-97FB-9B08714484BB}"=""
"{74B8D950-6CDA-4A24-92C2-818C1DB7D728}"=""
"{6C922400-ED0C-4209-9DD1-2C6AEB985DD0}"=""
"{5DCD11E7-0722-4236-B677-CEB772536134}"=""
"{F8B17606-A115-4F91-AFE9-1D1326F4A171}"=""
"{C34993CB-4F77-44A6-8D7F-36D4115C7DDC}"=""
"{CE6B05AA-71ED-4F14-8C38-9FEC0577F19E}"=""
"{45FF281A-8250-4191-A420-7E226138E6B5}"=""
"{91F82A89-1BEB-4309-8EB5-5422BB214CD8}"=""
"{4CB0A9D0-2CFB-417A-82EC-7F37C44E1216}"=""
"{16EAA488-E94C-4981-8A4D-F41ED3823834}"=""
"{ECA0BDC8-00CB-413B-970C-229D29F3D4F6}"=""
"{05C20449-090F-4895-90DA-3E7B19A80993}"=""
"{AAA911E1-591C-4BC2-A348-C6E0CF710D68}"=""
"{7FF31845-52C4-44B0-A62A-97C03EF597E4}"=""
"{96767D54-1F79-4BD9-984D-ABC69854AB78}"=""
"{FDDA7DC6-3159-4AFA-8133-D1E47B976C4E}"=""
"{AC4EC952-38A6-4BE2-965B-79F0257E435E}"=""
"{A7899FCB-6CB2-43EF-8EF0-198172FC458A}"=""
"{43697A52-188D-4D28-A692-0CD8C0A98CC1}"=""
"{5D98B5CD-CE53-4A98-A6BE-570B41B1B21B}"=""
"{06C5C58A-C8CC-4DF4-BF88-6A57E37053F5}"=""
"{94315EBB-8BCE-4FBA-BB42-CB42D9559C25}"=""
"{907AA5A8-E86B-4804-A84E-88BCBE3CFD4E}"=""
"{965EADCF-98E6-44EA-B153-AAE43D37DA9D}"=""
"{13B34796-10D8-4A2A-9097-718336090EDB}"=""
"{6B9CF3F2-03C4-4F96-88D6-8C782907175E}"=""
"{766CED77-E780-4EFF-BDFB-3E5E28431916}"=""
"{998C016C-81F3-4804-9D96-A1159C6968F2}"=""
"{BA9BC8B0-8979-4E41-A28C-5D4B5399FAD8}"=""
"{99A8ACC6-D117-49A5-ADE2-868323E03F49}"=""
"{2B725E61-0D0F-46CE-9FEA-3595129C0578}"=""
"{E0374170-2A1A-464A-B022-03940A66997A}"=""
"{7932CAB4-5F98-41D8-8A2B-C220636E7486}"=""
"{6DB48CA9-7D59-4FFD-B8C6-A11D6103CE6E}"=""
"{9079205E-707D-4867-BBB1-CEF60B06D7B0}"=""
"{9BB171B4-68DE-47E8-90E0-E3D4CB301BA9}"=""
"{6C73FF96-6711-4144-9306-1BA32855623D}"=""
"{F35720CE-2601-4440-A34C-B359AED3457F}"=""
"{21C5AF33-7AC3-4CBF-A090-2FFF91C3B592}"=""
"{7E2C5FF0-606F-4E6F-A227-21F55B365575}"=""
"{68988362-1758-4E61-924A-CA899DB73715}"=""
"{9E6B7A51-7CF8-48A2-A28C-C504E2BD7362}"=""
"{90393A06-94DD-4646-9659-A0A8E0011FD7}"=""
"{E35FB331-D979-4ED3-BD13-649D9DBC9016}"=""
"{D0165D50-204B-4FE7-99DA-129876BBBB93}"=""
"{8FE2C349-3E90-4D39-8077-67C27380269C}"=""
"{12734B98-2130-40CE-B98B-45DC08A11040}"=""
"{DD2EC0CF-20CE-4617-A402-3CF94A3894F5}"=""
"{29480B3D-23A9-4C63-BF31-D1D886502F8F}"=""
"{C4259BD9-693A-467D-83A4-414C7CC46206}"=""
"{ACAEA99D-A567-436B-A9DE-F2CD05752295}"=""
"{9034FD9D-1E54-4FCE-97C1-0A4FDA3CFD9B}"=""
"{D8E22006-E39E-4494-AF21-0ABD0B4B074B}"=""
"{5AE9CF9A-64B3-46C2-9770-7E352A0E9288}"=""
"{5D09D7C1-4373-4394-929C-898658E3E15F}"=""
"{DA7A42B8-9C12-4DA5-8669-9972EFC6538D}"=""
"{FBDF06DD-DCD1-494F-A62F-C7E5D131C945}"=""
"{CBEEC90A-81AD-4F45-A55C-FC53B2BC5F52}"=""
"{8788F473-9DD0-444F-BA10-57598B391907}"=""
"{EB48DB7A-D64D-489E-B20F-42B112D2C58E}"=""
"{B77BA95F-7DE6-420A-BADD-9CE412EF6E90}"=""
"{A5F72D4A-16BF-463B-87C6-23ABA2BDD536}"=""
"{F829974E-BC60-42DE-B220-47A9EC4BF51A}"=""
"{573C7327-51B3-473A-A094-968B888199DF}"=""
"{53DF5BE2-8CF2-4B70-9464-7C298B8D5DE2}"=""
"{7D43ABF1-F614-4E6E-B6ED-DF33772EF7F8}"=""
"{B980B7BA-0A0C-4C3E-AD4A-E8CDD09DB047}"=""
"{53E1B233-6A57-4B0A-B0C9-A69591193743}"=""
"{8293E075-ECC8-47AE-99E4-5769F0E4CA9C}"=""
"{0830DB56-8E52-4174-B3D9-8F0B8AA8B058}"=""
"{6814636B-2862-4916-9F59-A695932A9CE6}"=""
"{A30B3F28-7C6B-45CC-8FD1-FECF11E32B30}"=""
"{FEABA736-70F4-4A9B-8D92-411BF7CF8C56}"=""
"{B81AD021-2CFD-4CC8-A633-A45C070BF669}"=""
"{85B76F7C-1388-4811-96BC-D45215C50121}"=""
"{23B08435-8444-4DFB-B319-350F535FD7B0}"=""
"{D8C057BC-7E42-4F4E-A4E9-66D8C405E363}"=""
"{085619FB-F795-43EC-8E53-33F27E39934A}"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7044)
c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-20 11:52:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 15:52
.
Pre-Run: 122,605,568,000 bytes free
Post-Run: 123,314,823,168 bytes free
.
- - End Of File - - 22F01EB1A3DF83660AA35D5190038086

#4 gringo_pr

Posted 20 April 2012 - 01:20 PM

Greetings

I want you to check all the browsers that are installed on the computer and let me know which ones are redirecting.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Yu Yu

Posted 20 April 2012 - 02:30 PM

Before running ComboFix, the redirect was occurring in Chrome and Firefox. After running ComboFix, neither browser has had problems with redirects. Is it possible that ComboFix has removed or quarantined the virus?
As I mentioned, my computer now seems to be operating with no problems, no bad redirects. I've pasted the log information for TDSSKiller and aswMBR below.

TDSSKiller:
5:09:41.0850 6660 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:09:47.0234 6660 ============================================================
15:09:47.0234 6660 Current date / time: 2012/04/20 15:09:47.0234
15:09:47.0234 6660 SystemInfo:
15:09:47.0234 6660
15:09:47.0235 6660 OS Version: 6.1.7601 ServicePack: 1.0
15:09:47.0235 6660 Product type: Workstation
15:09:47.0235 6660 ComputerName: NEILS_PC
15:09:47.0235 6660 UserName: Neil
15:09:47.0235 6660 Windows directory: C:\Windows
15:09:47.0235 6660 System windows directory: C:\Windows
15:09:47.0235 6660 Processor architecture: Intel x86
15:09:47.0235 6660 Number of processors: 4
15:09:47.0235 6660 Page size: 0x1000
15:09:47.0235 6660 Boot type: Normal boot
15:09:47.0235 6660 ============================================================
15:09:47.0573 6660 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:09:47.0575 6660 Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:09:47.0577 6660 Drive \Device\Harddisk2\DR2 - Size: 0x1E100000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:09:47.0578 6660 \Device\Harddisk0\DR0:
15:09:47.0578 6660 MBR used
15:09:47.0578 6660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
15:09:47.0578 6660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
15:09:47.0578 6660 \Device\Harddisk1\DR1:
15:09:47.0579 6660 MBR used
15:09:47.0579 6660 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
15:09:47.0579 6660 \Device\Harddisk2\DR2:
15:09:47.0579 6660 MBR used
15:09:47.0637 6660 Initialize success
15:09:47.0637 6660 ============================================================
15:09:48.0892 5540 ============================================================
15:09:48.0892 5540 Scan started
15:09:48.0892 5540 Mode: Manual;
15:09:48.0892 5540 ============================================================
15:09:54.0188 5540 discache - ok
15:09:54.0262 5540 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:09:54.0264 5540 Disk - ok
15:09:54.0300 5540 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
15:09:54.0302 5540 Dnscache - ok
15:09:54.0342 5540 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
15:09:54.0346 5540 dot3svc - ok
15:09:54.0389 5540 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
15:09:54.0391 5540 DPS - ok
15:09:54.0448 5540 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:09:54.0449 5540 drmkaud - ok
15:09:54.0497 5540 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:09:54.0522 5540 DXGKrnl - ok
15:09:54.0563 5540 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
15:09:54.0566 5540 EapHost - ok
15:09:54.0705 5540 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:09:54.0781 5540 ebdrv - ok
15:09:54.0880 5540 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:09:54.0885 5540 eeCtrl - ok
15:09:54.0985 5540 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
15:09:54.0987 5540 EFS - ok
15:09:55.0035 5540 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
15:09:55.0041 5540 ehRecvr - ok
15:09:55.0086 5540 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:09:55.0088 5540 ehSched - ok
15:09:55.0155 5540 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:09:55.0156 5540 ElbyCDIO - ok
15:09:55.0234 5540 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:09:55.0239 5540 elxstor - ok
15:09:55.0359 5540 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:09:55.0361 5540 EraserUtilRebootDrv - ok
15:09:55.0456 5540 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:09:55.0457 5540 ErrDev - ok
15:09:55.0518 5540 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:09:55.0520 5540 EventSystem - ok
15:09:55.0564 5540 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:09:55.0567 5540 exfat - ok
15:09:55.0592 5540 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:09:55.0594 5540 fastfat - ok
15:09:55.0644 5540 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
15:09:55.0650 5540 Fax - ok
15:09:55.0699 5540 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:09:55.0700 5540 fdc - ok
15:09:55.0734 5540 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:09:55.0735 5540 fdPHost - ok
15:09:55.0752 5540 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:09:55.0753 5540 FDResPub - ok
15:09:55.0803 5540 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:09:55.0804 5540 FileInfo - ok
15:09:55.0814 5540 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:09:55.0815 5540 Filetrace - ok
15:09:55.0914 5540 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:09:55.0924 5540 FLEXnet Licensing Service - ok
15:09:56.0022 5540 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:09:56.0023 5540 flpydisk - ok
15:09:56.0068 5540 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:09:56.0071 5540 FltMgr - ok
15:09:56.0118 5540 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
15:09:56.0128 5540 FontCache - ok
15:09:56.0203 5540 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:09:56.0205 5540 FontCache3.0.0.0 - ok
15:09:56.0278 5540 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:09:56.0280 5540 FsDepends - ok
15:09:56.0322 5540 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
15:09:56.0324 5540 Fs_Rec - ok
15:09:56.0382 5540 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:09:56.0385 5540 fvevol - ok
15:09:56.0433 5540 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:09:56.0434 5540 gagp30kx - ok
15:09:56.0536 5540 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:09:56.0537 5540 GoogleDesktopManager-051210-111108 - ok
15:09:56.0643 5540 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
15:09:56.0650 5540 gpsvc - ok
15:09:56.0768 5540 gupdate1c986423489bf80 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
15:09:56.0770 5540 gupdate1c986423489bf80 - ok
15:09:56.0794 5540 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
15:09:56.0795 5540 gupdatem - ok
15:09:56.0839 5540 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:09:56.0842 5540 gusvc - ok
15:09:56.0945 5540 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:09:56.0946 5540 hcw85cir - ok
15:09:57.0011 5540 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:09:57.0013 5540 HDAudBus - ok
15:09:57.0049 5540 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:09:57.0050 5540 HidBatt - ok
15:09:57.0065 5540 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:09:57.0066 5540 HidBth - ok
15:09:57.0139 5540 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:09:57.0140 5540 HidIr - ok
15:09:57.0166 5540 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
15:09:57.0168 5540 hidserv - ok
15:09:57.0235 5540 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:09:57.0236 5540 HidUsb - ok
15:09:57.0272 5540 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
15:09:57.0274 5540 hkmsvc - ok
15:09:57.0315 5540 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
15:09:57.0319 5540 HomeGroupListener - ok
15:09:57.0357 5540 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
15:09:57.0361 5540 HomeGroupProvider - ok
15:09:57.0468 5540 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:09:57.0469 5540 HpSAMD - ok
15:09:57.0526 5540 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:09:57.0532 5540 HTTP - ok
15:09:57.0572 5540 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:09:57.0572 5540 hwpolicy - ok
15:09:57.0615 5540 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:09:57.0617 5540 i8042prt - ok
15:09:57.0712 5540 IAANTMON (6ac8ac8e3b413fa1ee8256e65fe0ba72) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
15:09:57.0716 5540 IAANTMON - ok
15:09:57.0835 5540 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\Windows\system32\DRIVERS\iaStor.sys
15:09:57.0837 5540 iaStor - ok
15:09:57.0893 5540 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:09:57.0897 5540 iaStorV - ok
15:09:57.0958 5540 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:09:57.0992 5540 idsvc - ok
15:09:58.0164 5540 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111018.030\IDSvix86.sys
15:09:58.0169 5540 IDSVix86 - ok
15:09:58.0281 5540 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:09:58.0283 5540 iirsp - ok
15:09:58.0356 5540 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
15:09:58.0390 5540 IKEEXT - ok
15:09:58.0431 5540 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:09:58.0432 5540 intelide - ok
15:09:58.0475 5540 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:09:58.0476 5540 intelppm - ok
15:09:58.0587 5540 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:09:58.0590 5540 IPBusEnum - ok
15:09:58.0639 5540 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:09:58.0641 5540 IpFilterDriver - ok
15:09:58.0756 5540 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
15:09:58.0762 5540 iphlpsvc - ok
15:09:58.0806 5540 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:09:58.0808 5540 IPMIDRV - ok
15:09:58.0849 5540 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:09:58.0851 5540 IPNAT - ok
15:09:58.0951 5540 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:09:58.0951 5540 IRENUM - ok
15:09:58.0993 5540 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:09:58.0994 5540 isapnp - ok
15:09:59.0030 5540 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:09:59.0033 5540 iScsiPrt - ok
15:09:59.0065 5540 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:09:59.0066 5540 kbdclass - ok
15:09:59.0100 5540 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:09:59.0101 5540 kbdhid - ok
15:09:59.0159 5540 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:09:59.0161 5540 KeyIso - ok
15:09:59.0193 5540 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:09:59.0195 5540 KSecDD - ok
15:09:59.0208 5540 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:09:59.0210 5540 KSecPkg - ok
15:09:59.0244 5540 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:09:59.0251 5540 KtmRm - ok
15:09:59.0292 5540 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
15:09:59.0295 5540 LanmanServer - ok
15:09:59.0337 5540 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
15:09:59.0340 5540 LanmanWorkstation - ok
15:09:59.0463 5540 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
15:09:59.0469 5540 LiveUpdate Notice Service - ok
15:09:59.0594 5540 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:09:59.0596 5540 lltdio - ok
15:09:59.0632 5540 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:09:59.0636 5540 lltdsvc - ok
15:09:59.0659 5540 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:09:59.0661 5540 lmhosts - ok
15:09:59.0736 5540 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:09:59.0738 5540 LSI_FC - ok
15:09:59.0760 5540 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:09:59.0762 5540 LSI_SAS - ok
15:09:59.0847 5540 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:09:59.0848 5540 LSI_SAS2 - ok
15:09:59.0872 5540 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:09:59.0874 5540 LSI_SCSI - ok
15:09:59.0888 5540 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:09:59.0891 5540 luafv - ok
15:09:59.0934 5540 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
15:09:59.0935 5540 LVPr2Mon - ok
15:10:00.0002 5540 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:10:00.0004 5540 LVPrcSrv - ok
15:10:00.0103 5540 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
15:10:00.0108 5540 LVRS - ok
15:10:00.0304 5540 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
15:10:00.0462 5540 LVUVC - ok
15:10:00.0558 5540 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
15:10:00.0561 5540 Mcx2Svc - ok
15:10:00.0611 5540 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:10:00.0612 5540 megasas - ok
15:10:00.0702 5540 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:10:00.0706 5540 MegaSR - ok
15:10:00.0805 5540 Microsoft SharePoint Workspace Audit Service - ok
15:10:00.0872 5540 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:10:00.0874 5540 MMCSS - ok
15:10:00.0920 5540 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:10:00.0922 5540 Modem - ok
15:10:01.0011 5540 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:10:01.0012 5540 monitor - ok
15:10:01.0067 5540 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:10:01.0068 5540 mouclass - ok
15:10:01.0136 5540 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:10:01.0137 5540 mouhid - ok
15:10:01.0186 5540 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:10:01.0188 5540 mountmgr - ok
15:10:01.0233 5540 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:10:01.0235 5540 mpio - ok
15:10:01.0297 5540 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:10:01.0299 5540 mpsdrv - ok
15:10:01.0358 5540 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
15:10:01.0366 5540 MpsSvc - ok
15:10:01.0410 5540 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:10:01.0413 5540 MRxDAV - ok
15:10:01.0462 5540 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:10:01.0464 5540 mrxsmb - ok
15:10:01.0494 5540 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:10:01.0498 5540 mrxsmb10 - ok
15:10:01.0542 5540 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:10:01.0544 5540 mrxsmb20 - ok
15:10:01.0632 5540 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:10:01.0633 5540 msahci - ok
15:10:01.0678 5540 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:10:01.0680 5540 msdsm - ok
15:10:01.0718 5540 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:10:01.0721 5540 MSDTC - ok
15:10:01.0776 5540 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:10:01.0777 5540 Msfs - ok
15:10:01.0788 5540 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:10:01.0788 5540 mshidkmdf - ok
15:10:01.0822 5540 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:10:01.0823 5540 msisadrv - ok
15:10:01.0898 5540 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:10:01.0901 5540 MSiSCSI - ok
15:10:01.0908 5540 msiserver - ok
15:10:01.0975 5540 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:10:01.0976 5540 MSKSSRV - ok
15:10:01.0994 5540 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:10:01.0995 5540 MSPCLOCK - ok
15:10:02.0047 5540 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:10:02.0048 5540 MSPQM - ok
15:10:02.0069 5540 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:10:02.0071 5540 MsRPC - ok
15:10:02.0117 5540 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:10:02.0118 5540 mssmbios - ok
15:10:02.0165 5540 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:10:02.0166 5540 MSTEE - ok
15:10:02.0183 5540 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:10:02.0184 5540 MTConfig - ok
15:10:02.0201 5540 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:10:02.0202 5540 Mup - ok
15:10:02.0236 5540 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
15:10:02.0243 5540 napagent - ok
15:10:02.0333 5540 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:10:02.0336 5540 NativeWifiP - ok
15:10:02.0457 5540 NAV (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
15:10:02.0458 5540 NAV - ok
15:10:02.0600 5540 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111018.033\NAVENG.SYS
15:10:02.0601 5540 NAVENG - ok
15:10:02.0814 5540 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111018.033\NAVEX15.SYS
15:10:02.0874 5540 NAVEX15 - ok
15:10:03.0018 5540 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:10:03.0022 5540 NDIS - ok
15:10:03.0078 5540 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:10:03.0079 5540 NdisCap - ok
15:10:03.0129 5540 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:10:03.0131 5540 NdisTapi - ok
15:10:03.0216 5540 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:10:03.0218 5540 Ndisuio - ok
15:10:03.0274 5540 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:10:03.0277 5540 NdisWan - ok
15:10:03.0351 5540 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:10:03.0353 5540 NDProxy - ok
15:10:03.0423 5540 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:10:03.0425 5540 NetBIOS - ok
15:10:03.0496 5540 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:10:03.0499 5540 NetBT - ok
15:10:03.0541 5540 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:10:03.0542 5540 Netlogon - ok
15:10:03.0632 5540 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:10:03.0635 5540 Netman - ok
15:10:03.0692 5540 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:10:03.0697 5540 netprofm - ok
15:10:03.0748 5540 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:10:03.0751 5540 NetTcpPortSharing - ok
15:10:03.0843 5540 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:10:03.0844 5540 nfrd960 - ok
15:10:03.0910 5540 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:10:03.0913 5540 NlaSvc - ok
15:10:03.0945 5540 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:10:03.0947 5540 Npfs - ok
15:10:04.0006 5540 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:10:04.0007 5540 nsi - ok
15:10:04.0061 5540 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:10:04.0062 5540 nsiproxy - ok
15:10:04.0136 5540 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:10:04.0143 5540 Ntfs - ok
15:10:04.0175 5540 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:10:04.0175 5540 Null - ok
15:10:04.0401 5540 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:10:04.0586 5540 nvlddmkm - ok
15:10:04.0696 5540 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:10:04.0698 5540 nvraid - ok
15:10:04.0717 5540 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:10:04.0719 5540 nvstor - ok
15:10:04.0799 5540 nvsvc (387dc341e2aed29eb8f67b6ee53bb43b) C:\Windows\system32\nvvsvc.exe
15:10:04.0803 5540 nvsvc - ok
15:10:04.0857 5540 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:10:04.0860 5540 nv_agp - ok
15:10:04.0977 5540 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:10:04.0981 5540 odserv - ok
15:10:05.0093 5540 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:10:05.0095 5540 ohci1394 - ok
15:10:05.0168 5540 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:10:05.0171 5540 ose - ok
15:10:05.0351 5540 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:10:05.0444 5540 osppsvc - ok
15:10:05.0550 5540 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:10:05.0555 5540 p2pimsvc - ok
15:10:05.0587 5540 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:10:05.0595 5540 p2psvc - ok
15:10:05.0696 5540 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:10:05.0698 5540 Parport - ok
15:10:05.0732 5540 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:10:05.0734 5540 partmgr - ok
15:10:05.0771 5540 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:10:05.0772 5540 Parvdm - ok
15:10:05.0811 5540 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:10:05.0815 5540 PcaSvc - ok
15:10:05.0855 5540 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:10:05.0858 5540 pci - ok
15:10:05.0876 5540 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:10:05.0877 5540 pciide - ok
15:10:05.0915 5540 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:10:05.0919 5540 pcmcia - ok
15:10:06.0055 5540 PCToolsSSDMonitorSvc (1171c834c5e6515765684c6938b609a1) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
15:10:06.0072 5540 PCToolsSSDMonitorSvc - ok
15:10:06.0180 5540 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:10:06.0181 5540 pcw - ok
15:10:06.0244 5540 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:10:06.0263 5540 PEAUTH - ok
15:10:06.0342 5540 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
15:10:06.0376 5540 PeerDistSvc - ok
15:10:06.0483 5540 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:10:06.0526 5540 pla - ok
15:10:06.0593 5540 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:10:06.0599 5540 PlugPlay - ok
15:10:06.0632 5540 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:10:06.0635 5540 PNRPAutoReg - ok
15:10:06.0658 5540 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:10:06.0661 5540 PNRPsvc - ok
15:10:06.0698 5540 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:10:06.0704 5540 PolicyAgent - ok
15:10:06.0736 5540 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:10:06.0739 5540 Power - ok
15:10:06.0799 5540 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:10:06.0801 5540 PptpMiniport - ok
15:10:06.0834 5540 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:10:06.0836 5540 Processor - ok
15:10:06.0871 5540 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
15:10:06.0875 5540 ProfSvc - ok
15:10:06.0914 5540 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:10:06.0915 5540 ProtectedStorage - ok
15:10:06.0970 5540 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:10:06.0972 5540 Psched - ok
15:10:07.0008 5540 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
15:10:07.0009 5540 PxHelp20 - ok
15:10:07.0066 5540 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:10:07.0117 5540 ql2300 - ok
15:10:07.0148 5540 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:10:07.0150 5540 ql40xx - ok
15:10:07.0189 5540 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:10:07.0194 5540 QWAVE - ok
15:10:07.0209 5540 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:10:07.0210 5540 QWAVEdrv - ok
15:10:07.0229 5540 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:10:07.0230 5540 RasAcd - ok
15:10:07.0260 5540 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:10:07.0261 5540 RasAgileVpn - ok
15:10:07.0300 5540 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:10:07.0304 5540 RasAuto - ok
15:10:07.0347 5540 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:10:07.0349 5540 Rasl2tp - ok
15:10:07.0403 5540 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
15:10:07.0408 5540 RasMan - ok
15:10:07.0452 5540 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:10:07.0454 5540 RasPppoe - ok
15:10:07.0470 5540 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:10:07.0472 5540 RasSstp - ok
15:10:07.0520 5540 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:10:07.0523 5540 rdbss - ok
15:10:07.0535 5540 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:10:07.0536 5540 rdpbus - ok
15:10:07.0576 5540 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:10:07.0577 5540 RDPCDD - ok
15:10:07.0616 5540 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:10:07.0619 5540 RDPDR - ok
15:10:07.0716 5540 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:10:07.0717 5540 RDPENCDD - ok
15:10:07.0748 5540 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:10:07.0749 5540 RDPREFMP - ok
15:10:07.0793 5540 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
15:10:07.0797 5540 RDPWD - ok
15:10:07.0831 5540 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:10:07.0834 5540 rdyboost - ok
15:10:07.0870 5540 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:10:07.0873 5540 RemoteAccess - ok
15:10:07.0914 5540 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:10:07.0917 5540 RemoteRegistry - ok
15:10:07.0956 5540 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:10:07.0958 5540 RpcEptMapper - ok
15:10:07.0973 5540 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:10:07.0975 5540 RpcLocator - ok
15:10:08.0013 5540 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:10:08.0017 5540 RpcSs - ok
15:10:17.0770 5540 ============================================================
15:10:17.0770 5540 Scan finished
15:10:17.0770 5540 ============================================================
15:10:17.0780 5164 Detected object count: 0
15:10:17.0780 5164 Actual detected object count: 0


aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 15:13:40
-----------------------------
15:13:40.431 OS Version: Windows 6.1.7601 Service Pack 1
15:13:40.431 Number of processors: 4 586 0xF0B
15:13:40.432 ComputerName: NEILS_PC UserName: Neil
15:13:41.838 Initialize success
15:17:11.934 AVAST engine defs: 12042001
15:17:24.924 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:17:24.928 Disk 0 Vendor: ST325031 3.AD Size: 238418MB BusType: 3
15:17:24.931 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077
15:17:24.934 Disk 1 Vendor: Size: 238418MB BusType: 0
15:17:24.938 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000079
15:17:24.941 Disk 2 Vendor: Size: 238418MB BusType: 0
15:17:24.953 Disk 0 MBR read successfully
15:17:24.957 Disk 0 MBR scan
15:17:24.964 Disk 0 Windows 7 default MBR code
15:17:24.968 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
15:17:24.982 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
15:17:24.998 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160
15:17:25.020 Disk 0 scanning sectors +488278016
15:17:25.433 Disk 0 scanning C:\Windows\system32\drivers
15:17:36.782 Service scanning
15:18:06.333 Modules scanning
15:18:16.497 Disk 0 trace - called modules:
15:18:16.521 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:18:16.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87120030]
15:18:16.533 3 CLASSPNP.SYS[8bfad59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86bd8030]
15:18:17.649 AVAST engine scan C:\Windows
15:18:20.432 AVAST engine scan C:\Windows\system32
15:21:07.540 AVAST engine scan C:\Windows\system32\drivers
15:21:19.035 AVAST engine scan C:\Users\Neil
15:21:59.718 Disk 0 MBR has been saved successfully to "C:\Users\Neil\Documents\MBR.dat"
15:21:59.728 The log file has been saved successfully to "C:\Users\Neil\Documents\aswMBR.txt"

#6 gringo_pr

Posted 20 April 2012 - 02:39 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 23 April 2012 - 12:06 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 Yu Yu

Posted 23 April 2012 - 09:25 AM

Thanks for your patience Gringo,
I attempted to run the combofix diagnostic, however, mid-way through the test, I received a blue screen of death with something about a "hardware failure." The blue screen told me to contact my vendor.
Before I was infected with happili, I had problems with this computer's ram. I'm ordering new ram which should get here within the week. In the meantime, I will continue trying to run the combofix test, but it is possible that the test will not be able to finish until I fix my memory problems.
Is it possible that the virus would cause a blue screen?
With Love and Peace,
Yuyu

#9 gringo_pr

Posted 23 April 2012 - 09:47 PM

Hello


This virus would not cause a blue screen in my opinion. Have you gotten any more redirects?

OK, let's try this. I want you to run the combofix script in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#10 gringo_pr

Posted 26 April 2012 - 01:03 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#11 Yu Yu

Posted 26 April 2012 - 07:57 AM

Dear Mr. Gringo,
Thank you so much for the help. After changing out ram did not stop my blue screen problem, even in safe mode, my boss agreed to provide me a new machine. Thus, I am virus free.
One last question:
I would like to prevent this machine from accumulating the spyware that gave me problems on my last computer. What freeware programs would you recommend to use to prevent viruses, malware, and other bad things from eating away this computer?
With Love and Peace,
Joey

#12 gringo_pr

Posted 26 April 2012 - 12:45 PM

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo

#13 Yu Yu

Posted 26 April 2012 - 12:53 PM

Thanks Gringo,
I'll be sure to load these.
With Love and Peace,
Yu Yu

#14 gringo_pr

Posted 26 April 2012 - 02:31 PM

Thank you and you are more than welcome


gringo

#15 gringo_pr

Posted 28 April 2012 - 11:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.