Infected with unidentified Google redirect malware


  • This topic is locked
31 replies to this topic

#1 C Hauesr

C Hauesr

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 13 May 2012 - 11:31 AM

Hi, I'm a newbie so let me know if I have missed any steps here.

My Toshiba laptop has some type of Google search redirect malware. Typing in a URL in the address bar works fine, but if I do a Google search for something, then click on a result, I wind up at various sites. The really strange part is that this happens a few times, but then stops. However, the problem will recur.

I did a full system scan using Norton Internet Security and Malwarebytes Anti-malware (both up to date), and neither one detected the malware. Therefore, I cannot get rid of it.

I could not find a help guide on this in the Malware Removal Guide area.

Per your forum's instructions, I used Defogger to stop CD emulation.

I then ran DDS, and got the following log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by cjhauser at 11:49:16 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1649 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
TCP: Interfaces\{953AA761-23C1-4DC1-A20B-4C6574A4D8F3} : DhcpNameServer = 192.168.1.1 74.40.74.40
TCP: Interfaces\{953AA761-23C1-4DC1-A20B-4C6574A4D8F3}\6756E646F62737 : DhcpNameServer = 172.16.8.36 172.16.9.34
TCP: Interfaces\{953AA761-23C1-4DC1-A20B-4C6574A4D8F3}\B4E696768647B4E45445 : DhcpNameServer = 10.101.112.61 10.101.112.60 10.101.112.17
TCP: Interfaces\{953AA761-23C1-4DC1-A20B-4C6574A4D8F3}\C4F45525445435 : DhcpNameServer = 172.16.8.36 172.16.9.34
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cjhauser\AppData\Roaming\Mozilla\Firefox\Profiles\34jv9oxc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-11 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-11 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-4-23 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-27 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-27 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-10-27 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-12 13:25:49 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-12 13:25:49 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-12 13:25:47 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-12 13:25:47 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-12 13:25:46 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 13:25:46 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-12 13:24:36 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-12 13:24:07 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-12 13:24:05 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 13:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 13:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 13:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 13:24:03 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-05 22:48:00 0 ----a-w- C:\windows\SysWow64\sho26E1.tmp
2012-04-26 03:36:35 -------- d-----w- C:\Users\cjhauser\AppData\Local\Spotify
2012-04-26 03:34:37 -------- d-----w- C:\Users\cjhauser\AppData\Roaming\Spotify
2012-04-24 01:08:24 737912 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\srtsp64.sys
2012-04-24 01:08:24 451192 ----a-r- C:\windows\System32\drivers\NISx64\1307000.009\symds64.sys
2012-04-24 01:08:24 405624 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\symnets.sys
2012-04-24 01:08:24 37496 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\srtspx64.sys
2012-04-24 01:08:24 190072 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\ironx64.sys
2012-04-24 01:08:24 167048 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys
2012-04-24 01:08:24 1092728 ----a-w- C:\windows\System32\drivers\NISx64\1307000.009\symefa64.sys
2012-04-24 01:07:59 -------- d-----w- C:\windows\System32\drivers\NISx64\1307000.009
2012-04-21 02:02:02 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-06 09:36:20 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-23 23:02:49 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
.
============= FINISH: 11:50:20.22 ===============

I have attached the ATTACH.TXT log. I have also attached a pdf of my system info. It's 64-bit, so I skipped the GMER step.

Thank you for any advice you can provide. I greatly appreciate the time you all volunteer on this site!


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:25 AM

Posted 14 May 2012 - 12:05 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 17 May 2012 - 02:42 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

Posted 20 May 2012 - 12:13 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr

Posted 20 May 2012 - 08:00 PM

This topic has been re-opened at the request of the person who originally posted.

#6 C Hauesr

Posted 21 May 2012 - 09:03 PM

I downloaded and ran securitycheck. Here are the contents of the resulting checkup.txt file:

Results of screen317's Security Check version 0.99.33
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SlimCleaner
Java™ 6 Update 25
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox 11.0 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

The computer seemed to run OK. I then did a Google search for "Feed the Children" (using firefox), clicked on the first result and got a redirect.

#7 gringo_pr

Posted 21 May 2012 - 09:39 PM

Greetings

After the security scan, did you run combofix as indicated in the instructions? If you did, I would like to see the report.



gringo

#8 C Hauesr

Posted 22 May 2012 - 04:29 PM

I got it downloaded. I need to run it, but I need to make sure I have Norton Internet Security completely disabled. The instructions on how to disable Norton are a little different than how NIS looks on my laptop. I should have the report up this evening.

#9 gringo_pr

Posted 22 May 2012 - 05:49 PM

:thumbup2:

#10 C Hauesr

Posted 23 May 2012 - 12:02 AM

OK, I disabled NIS's antivirus, realtime protection and firewall. I ran ComboFix, which informed me that a newer version was available, so I downloaded that and ran it.

Holy cats, it took two hours to run. The laptop went into "sleep" mode a couple of times, so I had to "log back in" - hope that did not cause a problem.

Here is the combofix.txt report:

ComboFix 12-05-22.02 - cjhauser 05/22/2012 22:57:00.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2425 [GMT -4:00]
Running from: c:\users\cjhauser\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 04:30 . 2012-05-23 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 02:00 . 2012-05-23 02:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-23 02:00 . 2012-05-23 02:00 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-23 02:00 . 2012-05-23 02:00 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-18 20:17 . 2012-05-19 01:50 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005
2012-05-13 20:40 . 2012-05-13 20:40 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 20:40 . 2012-05-13 20:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-12 13:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 13:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 13:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 13:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 13:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 13:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 13:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 13:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 13:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 13:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 13:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 13:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 13:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-05 22:48 . 2012-05-05 22:48 0 ----a-w- c:\windows\SysWow64\sho26E1.tmp
2012-04-26 03:36 . 2012-05-21 02:12 -------- d-----w- c:\users\cjhauser\AppData\Local\Spotify
2012-04-26 03:34 . 2012-05-21 01:52 -------- d-----w- c:\users\cjhauser\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 09:36 . 2012-04-21 02:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 09:36 . 2011-07-22 01:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-12-26 18:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 23:02 . 2012-01-25 02:48 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-01 06:46 . 2012-04-11 21:53 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 21:53 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 21:53 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 21:53 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 21:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 21:53 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 21:53 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 21:57 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 21:57 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 21:57 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 21:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 21:57 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 21:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 21:57 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 21:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-27 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Spotify Web Helper"="c:\users\cjhauser\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-14 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-23 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120522.001\IDSvia64.sys [2012-05-01 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 06:29]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 06:29]
.
2012-04-29 c:\windows\Tasks\hpwebreg_CN15QCR0CP.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 02:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
FF - ProfilePath - c:\users\cjhauser\AppData\Roaming\Mozilla\Firefox\Profiles\34jv9oxc.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-23 00:41:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 04:41
.
Pre-Run: 261,027,627,008 bytes free
Post-Run: 260,521,922,560 bytes free
.
- - End Of File - - 7D76EFCF12883A2C0760D35739905D29



After running ComboFix, I re-enabled Norton Internet Security (antivirus, realtime and firewall). When I tried to open Firefox, I got the "registry key illegal operation" error, so I rebooted and was then able to open Firefox to post this.

I did a Google search on "feed the children", clicked on the first result and got a redirect. I backed up to the results again and clicked the first result again, and went to the correct site. I then googled "St Marys University", clicked on the first result and got a redirect, so the problem is still there apparently.

#11 gringo_pr

Posted 23 May 2012 - 08:18 AM

Greetings C Hauesr

I would like to know which browsers are redirecting - verify all of them that are installed on the computer, i.e. Firefox, Internet Explorer and any others that are installed.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 C Hauesr

Posted 23 May 2012 - 08:35 PM

gringo-

I have the following browsers installed:

firefox 12 (it just automatically updated to v. 12 minutes ago) - has redirect problem
chrome - can't confirm if it has problem or not
IE 9 - can't confirm if it has problem or not

The reason I can't "confirm" things either way is because problem is intermittent.

Do I need to disable Norton Internet Security before I run TDSSKiller or aswMBR?

Chris

#13 gringo_pr

Posted 24 May 2012 - 09:03 AM

Yes, go ahead and turn Norton off to run the scans.

Uninstall Firefox and if asked about user data or settings then remove that also.

Restart the computer and reinstall Firefox - check for redirects, let me know when you give me the TDSSKiller and aswMBR reports.



gringo

#14 C Hauesr

Posted 24 May 2012 - 06:32 PM

OK, I disabled Norton and ran TDSSKiller. It reported no infections. Here's the report file:

19:27:29.0429 0740 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
19:27:29.0866 0740 ============================================================
19:27:29.0866 0740 Current date / time: 2012/05/24 19:27:29.0866
19:27:29.0866 0740 SystemInfo:
19:27:29.0866 0740
19:27:29.0866 0740 OS Version: 6.1.7601 ServicePack: 1.0
19:27:29.0866 0740 Product type: Workstation
19:27:29.0866 0740 ComputerName: CJHAUSER-TLAP
19:27:29.0866 0740 UserName: cjhauser
19:27:29.0866 0740 Windows directory: C:\windows
19:27:29.0866 0740 System windows directory: C:\windows
19:27:29.0866 0740 Running under WOW64
19:27:29.0866 0740 Processor architecture: Intel x64
19:27:29.0866 0740 Number of processors: 2
19:27:29.0866 0740 Page size: 0x1000
19:27:29.0866 0740 Boot type: Normal boot
19:27:29.0866 0740 ============================================================
19:27:31.0863 0740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:31.0879 0740 ============================================================
19:27:31.0879 0740 \Device\Harddisk0\DR0:
19:27:31.0879 0740 MBR partitions:
19:27:31.0879 0740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000
19:27:31.0879 0740 ============================================================
19:27:31.0926 0740 C: <-> \Device\Harddisk0\DR0\Partition0
19:27:31.0926 0740 ============================================================
19:27:31.0926 0740 Initialize success
19:27:31.0926 0740 ============================================================
19:27:41.0754 3432 ============================================================
19:27:41.0754 3432 Scan started
19:27:41.0754 3432 Mode: Manual;
19:27:41.0754 3432 ============================================================
19:27:48.0228 3432 CryptSvc - ok
19:27:48.0415 3432 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:27:48.0430 3432 cvhsvc - ok
19:27:48.0524 3432 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:27:48.0540 3432 DcomLaunch - ok
19:27:48.0602 3432 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
19:27:48.0618 3432 defragsvc - ok
19:27:48.0711 3432 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:27:48.0711 3432 DfsC - ok
19:27:48.0789 3432 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
19:27:48.0789 3432 Dhcp - ok
19:27:48.0820 3432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:27:48.0820 3432 discache - ok
19:27:48.0867 3432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
19:27:48.0883 3432 Disk - ok
19:27:48.0930 3432 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
19:27:48.0945 3432 Dnscache - ok
19:27:48.0976 3432 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
19:27:48.0976 3432 dot3svc - ok
19:27:49.0023 3432 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
19:27:49.0023 3432 DPS - ok
19:27:49.0070 3432 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:27:49.0070 3432 drmkaud - ok
19:27:49.0179 3432 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:27:49.0195 3432 DXGKrnl - ok
19:27:49.0242 3432 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
19:27:49.0242 3432 EapHost - ok
19:27:49.0554 3432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
19:27:49.0600 3432 ebdrv - ok
19:27:50.0006 3432 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:27:50.0006 3432 eeCtrl - ok
19:27:50.0131 3432 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
19:27:50.0131 3432 EFS - ok
19:27:50.0256 3432 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
19:27:50.0287 3432 ehRecvr - ok
19:27:50.0302 3432 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
19:27:50.0302 3432 ehSched - ok
19:27:50.0443 3432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
19:27:50.0458 3432 elxstor - ok
19:27:50.0568 3432 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:27:50.0568 3432 EraserUtilRebootDrv - ok
19:27:50.0599 3432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:27:50.0599 3432 ErrDev - ok
19:27:50.0661 3432 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys
19:27:50.0661 3432 ETD - ok
19:27:50.0739 3432 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
19:27:50.0755 3432 EventSystem - ok
19:27:50.0817 3432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:27:50.0817 3432 exfat - ok
19:27:50.0833 3432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:27:50.0848 3432 fastfat - ok
19:27:50.0958 3432 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
19:27:50.0973 3432 Fax - ok
19:27:50.0973 3432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
19:27:50.0989 3432 fdc - ok
19:27:51.0036 3432 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
19:27:51.0036 3432 fdPHost - ok
19:27:51.0036 3432 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
19:27:51.0036 3432 FDResPub - ok
19:27:51.0098 3432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:27:51.0098 3432 FileInfo - ok
19:27:51.0114 3432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:27:51.0114 3432 Filetrace - ok
19:27:51.0114 3432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
19:27:51.0114 3432 flpydisk - ok
19:27:51.0145 3432 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:27:51.0160 3432 FltMgr - ok
19:27:51.0285 3432 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
19:27:51.0301 3432 FontCache - ok
19:27:51.0394 3432 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:27:51.0394 3432 FontCache3.0.0.0 - ok
19:27:51.0457 3432 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:27:51.0472 3432 FsDepends - ok
19:27:51.0504 3432 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
19:27:51.0504 3432 Fs_Rec - ok
19:27:51.0550 3432 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:27:51.0566 3432 fvevol - ok
19:27:51.0597 3432 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
19:27:51.0597 3432 FwLnk - ok
19:27:51.0660 3432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
19:27:51.0660 3432 gagp30kx - ok
19:27:51.0769 3432 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:27:51.0769 3432 GamesAppService - ok
19:27:51.0894 3432 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
19:27:51.0909 3432 gpsvc - ok
19:27:51.0987 3432 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:27:51.0987 3432 gupdate - ok
19:27:52.0003 3432 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:27:52.0003 3432 gupdatem - ok
19:27:52.0050 3432 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:27:52.0050 3432 gusvc - ok
19:27:52.0096 3432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:27:52.0096 3432 hcw85cir - ok
19:27:52.0159 3432 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:27:52.0174 3432 HdAudAddService - ok
19:27:52.0190 3432 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
19:27:52.0206 3432 HDAudBus - ok
19:27:52.0206 3432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
19:27:52.0206 3432 HidBatt - ok
19:27:52.0221 3432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
19:27:52.0221 3432 HidBth - ok
19:27:52.0252 3432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
19:27:52.0252 3432 HidIr - ok
19:27:52.0284 3432 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
19:27:52.0284 3432 hidserv - ok
19:27:52.0330 3432 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
19:27:52.0330 3432 HidUsb - ok
19:27:52.0362 3432 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
19:27:52.0362 3432 hkmsvc - ok
19:27:52.0408 3432 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
19:27:52.0408 3432 HomeGroupListener - ok
19:27:52.0455 3432 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
19:27:52.0455 3432 HomeGroupProvider - ok
19:27:52.0502 3432 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:27:52.0502 3432 HpSAMD - ok
19:27:52.0596 3432 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:27:52.0611 3432 HTTP - ok
19:27:52.0642 3432 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:27:52.0642 3432 hwpolicy - ok
19:27:52.0674 3432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
19:27:52.0689 3432 i8042prt - ok
19:27:52.0736 3432 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:27:52.0752 3432 iaStorV - ok
19:27:52.0861 3432 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:27:52.0876 3432 idsvc - ok
19:27:53.0157 3432 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120524.001\IDSvia64.sys
19:27:53.0157 3432 IDSVia64 - ok
19:27:53.0313 3432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
19:27:53.0313 3432 iirsp - ok
19:27:53.0422 3432 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
19:27:53.0438 3432 IKEEXT - ok
19:27:53.0454 3432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:27:53.0454 3432 intelide - ok
19:27:53.0485 3432 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
19:27:53.0485 3432 intelppm - ok
19:27:53.0625 3432 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:27:53.0625 3432 IntuitUpdateServiceV4 - ok
19:27:53.0688 3432 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:27:53.0688 3432 IPBusEnum - ok
19:27:53.0734 3432 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:27:53.0734 3432 IpFilterDriver - ok
19:27:53.0812 3432 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
19:27:53.0828 3432 iphlpsvc - ok
19:27:53.0844 3432 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:27:53.0844 3432 IPMIDRV - ok
19:27:53.0859 3432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:27:53.0859 3432 IPNAT - ok
19:27:53.0890 3432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:27:53.0890 3432 IRENUM - ok
19:27:53.0906 3432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:27:53.0906 3432 isapnp - ok
19:27:53.0937 3432 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:27:53.0953 3432 iScsiPrt - ok
19:27:54.0000 3432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:27:54.0000 3432 kbdclass - ok
19:27:54.0031 3432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:27:54.0031 3432 kbdhid - ok
19:27:54.0078 3432 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:54.0078 3432 KeyIso - ok
19:27:54.0109 3432 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
19:27:54.0109 3432 KSecDD - ok
19:27:54.0140 3432 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
19:27:54.0156 3432 KSecPkg - ok
19:27:54.0171 3432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:27:54.0171 3432 ksthunk - ok
19:27:54.0234 3432 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:27:54.0249 3432 KtmRm - ok
19:27:54.0296 3432 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys
19:27:54.0296 3432 L1C - ok
19:27:54.0343 3432 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
19:27:54.0358 3432 LanmanServer - ok
19:27:54.0421 3432 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
19:27:54.0421 3432 LanmanWorkstation - ok
19:27:54.0499 3432 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:27:54.0499 3432 lltdio - ok
19:27:54.0561 3432 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:27:54.0561 3432 lltdsvc - ok
19:27:54.0592 3432 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:27:54.0592 3432 lmhosts - ok
19:27:54.0624 3432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
19:27:54.0624 3432 LSI_FC - ok
19:27:54.0655 3432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
19:27:54.0655 3432 LSI_SAS - ok
19:27:54.0686 3432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
19:27:54.0686 3432 LSI_SAS2 - ok
19:27:54.0702 3432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
19:27:54.0702 3432 LSI_SCSI - ok
19:27:54.0717 3432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:27:54.0717 3432 luafv - ok
19:27:54.0764 3432 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
19:27:54.0764 3432 Mcx2Svc - ok
19:27:54.0780 3432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
19:27:54.0780 3432 megasas - ok
19:27:54.0826 3432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
19:27:54.0826 3432 MegaSR - ok
19:27:54.0858 3432 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:27:54.0858 3432 MMCSS - ok
19:27:54.0904 3432 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:27:54.0904 3432 Modem - ok
19:27:54.0920 3432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:27:54.0920 3432 monitor - ok
19:27:54.0936 3432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:27:54.0936 3432 mouclass - ok
19:27:54.0951 3432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:27:54.0951 3432 mouhid - ok
19:27:54.0982 3432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:27:54.0982 3432 mountmgr - ok
19:27:55.0107 3432 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:27:55.0123 3432 MozillaMaintenance - ok
19:27:55.0154 3432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:27:55.0154 3432 mpio - ok
19:27:55.0185 3432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:27:55.0201 3432 mpsdrv - ok
19:27:55.0294 3432 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
19:27:55.0310 3432 MpsSvc - ok
19:27:55.0326 3432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:27:55.0326 3432 MRxDAV - ok
19:27:55.0357 3432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:27:55.0357 3432 mrxsmb - ok
19:27:55.0419 3432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:27:55.0419 3432 mrxsmb10 - ok
19:27:55.0435 3432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:27:55.0450 3432 mrxsmb20 - ok
19:27:55.0466 3432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:27:55.0466 3432 msahci - ok
19:27:55.0497 3432 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:27:55.0513 3432 msdsm - ok
19:27:55.0544 3432 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:27:55.0560 3432 MSDTC - ok
19:27:55.0575 3432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:27:55.0575 3432 Msfs - ok
19:27:55.0591 3432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:27:55.0591 3432 mshidkmdf - ok
19:27:55.0591 3432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:27:55.0606 3432 msisadrv - ok
19:27:55.0653 3432 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:27:55.0653 3432 MSiSCSI - ok
19:27:55.0669 3432 msiserver - ok
19:27:55.0716 3432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:27:55.0731 3432 MSKSSRV - ok
19:27:55.0731 3432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:27:55.0731 3432 MSPCLOCK - ok
19:27:55.0747 3432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:27:55.0747 3432 MSPQM - ok
19:27:55.0794 3432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:27:55.0794 3432 MsRPC - ok
19:27:55.0840 3432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:27:55.0840 3432 mssmbios - ok
19:27:55.0840 3432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:27:55.0840 3432 MSTEE - ok
19:27:55.0856 3432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
19:27:55.0856 3432 MTConfig - ok
19:27:55.0872 3432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:27:55.0872 3432 Mup - ok
19:27:55.0950 3432 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:27:55.0965 3432 napagent - ok
19:27:56.0028 3432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:27:56.0043 3432 NativeWifiP - ok
19:27:56.0215 3432 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120524.003\ENG64.SYS
19:27:56.0215 3432 NAVENG - ok
19:27:56.0418 3432 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120524.003\EX64.SYS
19:27:56.0449 3432 NAVEX15 - ok
19:27:56.0730 3432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:27:56.0745 3432 NDIS - ok
19:27:56.0776 3432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:27:56.0792 3432 NdisCap - ok
19:27:56.0808 3432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:27:56.0808 3432 NdisTapi - ok
19:27:56.0839 3432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:27:56.0839 3432 Ndisuio - ok
19:27:56.0854 3432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:27:56.0854 3432 NdisWan - ok
19:27:56.0886 3432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:27:56.0886 3432 NDProxy - ok
19:27:56.0901 3432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:27:56.0901 3432 NetBIOS - ok
19:27:56.0948 3432 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:27:56.0948 3432 NetBT - ok
19:27:57.0057 3432 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:57.0073 3432 Netlogon - ok
19:27:57.0198 3432 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:27:57.0213 3432 Netman - ok
19:27:57.0291 3432 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:27:57.0291 3432 netprofm - ok
19:27:57.0369 3432 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:27:57.0385 3432 NetTcpPortSharing - ok
19:27:57.0432 3432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
19:27:57.0447 3432 nfrd960 - ok
19:27:57.0650 3432 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
19:27:57.0650 3432 NIS - ok
19:27:57.0712 3432 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:27:57.0728 3432 NlaSvc - ok
19:27:57.0759 3432 Norton PC Checkup Application Launcher - ok
19:27:57.0790 3432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:27:57.0790 3432 Npfs - ok
19:27:57.0806 3432 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:27:57.0806 3432 nsi - ok
19:27:57.0837 3432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:27:57.0837 3432 nsiproxy - ok
19:27:57.0993 3432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:27:58.0024 3432 Ntfs - ok
19:27:58.0149 3432 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:27:58.0149 3432 Null - ok
19:27:58.0196 3432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:27:58.0212 3432 nvraid - ok
19:27:58.0243 3432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:27:58.0243 3432 nvstor - ok
19:27:58.0274 3432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:27:58.0274 3432 nv_agp - ok
19:27:58.0305 3432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:27:58.0305 3432 ohci1394 - ok
19:27:58.0399 3432 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:27:58.0399 3432 ose - ok
19:27:58.0898 3432 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:27:59.0007 3432 osppsvc - ok
19:27:59.0179 3432 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:27:59.0179 3432 p2pimsvc - ok
19:27:59.0241 3432 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:27:59.0257 3432 p2psvc - ok
19:27:59.0319 3432 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:27:59.0319 3432 Parport - ok
19:27:59.0350 3432 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:27:59.0350 3432 partmgr - ok
19:27:59.0397 3432 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:27:59.0413 3432 PcaSvc - ok
19:27:59.0491 3432 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
19:27:59.0506 3432 PCCUJobMgr - ok
19:27:59.0553 3432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:27:59.0553 3432 pci - ok
19:27:59.0569 3432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
19:27:59.0569 3432 pciide - ok
19:27:59.0584 3432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:27:59.0600 3432 pcmcia - ok
19:27:59.0600 3432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:27:59.0600 3432 pcw - ok
19:27:59.0678 3432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:27:59.0694 3432 PEAUTH - ok
19:27:59.0803 3432 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:27:59.0803 3432 PerfHost - ok
19:27:59.0865 3432 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
19:27:59.0865 3432 PGEffect - ok
19:28:00.0021 3432 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:28:00.0052 3432 pla - ok
19:28:00.0130 3432 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:28:00.0130 3432 PlugPlay - ok
19:28:00.0162 3432 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:28:00.0177 3432 PNRPAutoReg - ok
19:28:00.0208 3432 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:28:00.0208 3432 PNRPsvc - ok
19:28:00.0302 3432 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:28:00.0302 3432 PolicyAgent - ok
19:28:00.0349 3432 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:28:00.0364 3432 Power - ok
19:28:00.0458 3432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:28:00.0458 3432 PptpMiniport - ok
19:28:00.0474 3432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:28:00.0474 3432 Processor - ok
19:28:00.0536 3432 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
19:28:00.0536 3432 ProfSvc - ok
19:28:00.0567 3432 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:28:00.0567 3432 ProtectedStorage - ok
19:28:00.0614 3432 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:28:00.0614 3432 Psched - ok
19:28:00.0786 3432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:28:00.0817 3432 ql2300 - ok
19:28:00.0957 3432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:28:00.0957 3432 ql40xx - ok
19:28:01.0035 3432 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:28:01.0051 3432 QWAVE - ok
19:28:01.0051 3432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:28:01.0066 3432 QWAVEdrv - ok
19:28:01.0066 3432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:28:01.0066 3432 RasAcd - ok
19:28:01.0129 3432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:28:01.0129 3432 RasAgileVpn - ok
19:28:01.0160 3432 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:28:01.0160 3432 RasAuto - ok
19:28:01.0191 3432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:28:01.0191 3432 Rasl2tp - ok
19:28:01.0269 3432 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:28:01.0269 3432 RasMan - ok
19:28:01.0316 3432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:28:01.0316 3432 RasPppoe - ok
19:28:01.0332 3432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:28:01.0347 3432 RasSstp - ok
19:28:01.0394 3432 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:28:01.0394 3432 rdbss - ok
19:28:01.0410 3432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:28:01.0410 3432 rdpbus - ok
19:28:01.0425 3432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:28:01.0425 3432 RDPCDD - ok
19:28:01.0441 3432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:28:01.0441 3432 RDPENCDD - ok
19:28:01.0456 3432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:28:01.0456 3432 RDPREFMP - ok
19:28:01.0519 3432 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
19:28:01.0519 3432 RDPWD - ok
19:28:01.0581 3432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:28:01.0581 3432 rdyboost - ok
19:28:01.0612 3432 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:28:01.0628 3432 RemoteAccess - ok
19:28:01.0659 3432 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:28:01.0675 3432 RemoteRegistry - ok
19:28:01.0690 3432 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:28:01.0690 3432 RpcEptMapper - ok
19:28:01.0722 3432 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:28:01.0722 3432 RpcLocator - ok
19:28:01.0800 3432 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:28:01.0800 3432 RpcSs - ok
19:28:01.0846 3432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:28:01.0862 3432 rspndr - ok
19:28:01.0924 3432 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
19:28:01.0924 3432 RSUSBSTOR - ok
19:28:12.0938 3432 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:28:13.0328 3432 \Device\Harddisk0\DR0 - ok
19:28:13.0344 3432 Boot (0x1200) (d35c9208c5e13d2aff2de93101550b67) \Device\Harddisk0\DR0\Partition0
19:28:13.0344 3432 \Device\Harddisk0\DR0\Partition0 - ok
19:28:13.0344 3432 ============================================================
19:28:13.0344 3432 Scan finished
19:28:13.0344 3432 ============================================================
19:28:13.0375 3232 Detected object count: 0
19:28:13.0375 3232 Actual detected object count: 0


I'll let you know what aswMBR says shortly...

#15 C Hauesr

Posted 24 May 2012 - 07:08 PM

I have now run aswMBR. Here is the report from aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-24 19:34:13
-----------------------------
19:34:13.027 OS Version: Windows x64 6.1.7601 Service Pack 1
19:34:13.027 Number of processors: 2 586 0x200
19:34:13.027 ComputerName: CJHAUSER-TLAP UserName: cjhauser
19:34:15.383 Initialize success
19:49:41.527 AVAST engine defs: 12052402
19:50:26.502 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
19:50:26.502 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 11
19:50:26.517 Disk 0 MBR read successfully
19:50:26.533 Disk 0 MBR scan
19:50:26.533 Disk 0 Windows VISTA default MBR code
19:50:26.548 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:50:26.580 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291228 MB offset 3074048
19:50:26.611 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12516 MB offset 599508992
19:50:26.689 Disk 0 scanning C:\windows\system32\drivers
19:50:36.626 Service scanning
19:51:20.681 Modules scanning
19:51:20.696 Disk 0 trace - called modules:
19:51:20.743 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:51:20.743 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800411d060]
19:51:20.759 3 CLASSPNP.SYS[fffff88001bc143f] -> nt!IofCallDriver -> [0xfffffa8003c0c040]
19:51:20.774 5 amd_xata.sys[fffff880010a28b4] -> nt!IofCallDriver -> \Device\00000071[0xfffffa8003c032c0]
19:51:22.412 AVAST engine scan C:\windows
19:51:26.141 AVAST engine scan C:\windows\system32
19:55:41.123 AVAST engine scan C:\windows\system32\drivers
19:56:00.061 AVAST engine scan C:\Users\cjhauser
20:01:22.155 AVAST engine scan C:\ProgramData
20:02:22.449 Scan finished successfully
20:03:20.793 Disk 0 MBR has been saved successfully to "C:\Users\cjhauser\Desktop\MBR.dat"
20:03:20.809 The log file has been saved successfully to "C:\Users\cjhauser\Desktop\aswMBR.txt"


I will now uninstall and re-install Firefox and let you know what happens.



