
Google Redirect Malware Infection


  • This topic is locked
24 replies to this topic

#1 JBR64

JBR64

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 13 August 2012 - 02:04 PM

I have the malware that redirects Google search results to a website http://8.26.70.252. Sometimes alternate numbers are used in the redirect. This malware is discussed in the forums by others who were infected. I am using MS Office Internet Explorer (2007) and Norton 360 v6. Operating system is Windows Vista 64bit.
I am not a computer savvy person. I went through the directions to create the two logs which are attached. However there were two steps which I struggled with. The first was the requirement to disable script blocking programs. I could not identify any programs with script blocking, but am not sure I knew what to look for. I do not know if I have any script blocking programs, but if I do, it is not disabled.
The second was to skip step 8 if I have a 64 bit system, which I did. Not sure if I am running in 32 or 64 bit mode, but I skipped step 8.
I read the forums on this malware and have heeded the warnings to not try quick fixes when I don't know what I am doing. As such I did not run Norton Power Eraser, or any other malware removal software. Norton does not detect this malware.
Thanks for any help that can be provided.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:37 AM

Posted 14 August 2012 - 01:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 JBR64


Posted 14 August 2012 - 04:48 PM

Gringo,
Thanks for your help.
The only adverse consequence I have noticed from this malware is the redirect of Google search results. The capability to open Google's search results is gone.
I disabled the Norton and Windows Security, and then ran Security Check by screen317, and pasted the log results in my reply. Unfortunately, when I ran Combofix it rebooted my computer and closed my reply, and the log results were lost as well. I then reran Security Check by screen317, and its log results are pasted below. Please note these results are after Combofix had run.

The last thing I have done is I re-enabled the Norton Firewall and Antivirus. I then opened Google, did a search, and clicked one of the search results, AND I WENT TO THE CORRECT SITE WITHOUT THE REDIRECT!!!!! From this one test it appears the Google redirect problem is fixed. Are there additional steps or checks you want me to run?
Thanks again
JBR64

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 33
Java™ 6 Update 5
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


The Combofix Log is below.

ComboFix 12-08-14.05 - Byers 08/14/2012 16:52:27.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.2855 [GMT -4:00]
Running from: c:\users\Byers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0QOD7ZO\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Byers\AppData\Local\Apps\Apple Computer\xhksdh.dll
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\Autorun.inf
K:\Autorun.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 21:02 . 2012-08-14 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 18:00 . 2012-08-12 20:30 -------- d-----w- c:\users\Byers\Docs Not Backedup
2012-08-09 02:31 . 2012-08-09 02:30 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-09 02:28 . 2012-08-09 02:28 -------- d-----w- c:\programdata\McAfee
2012-07-26 21:31 . 2012-07-26 21:31 127488 ----a-w- c:\programdata\Microsoft\Windows\DRM\2852.tmp.dat
2012-07-19 00:27 . 2012-08-06 03:42 -------- d-----w- c:\users\Byers\AppData\Roaming\FamilyTreeMaker
2012-07-18 23:52 . 2012-07-18 23:52 -------- d-----w- c:\users\Byers\AppData\Local\IsolatedStorage
2012-07-18 23:50 . 2012-07-18 23:50 -------- d-----w- c:\users\Byers\AppData\Local\Ancestry.com
2012-07-18 23:48 . 2012-07-18 23:51 -------- d-----w- c:\program files (x86)\Family Tree Maker 2012
2012-07-18 23:48 . 2012-07-18 23:48 -------- d-----w- c:\program files (x86)\BCL Technologies
2012-07-18 23:42 . 2012-07-18 23:49 -------- d--h--w- c:\programdata\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 02:30 . 2011-04-15 15:36 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 07:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-13 13:58 . 2012-07-12 07:01 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 08:23 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 08:23 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 08:23 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 08:23 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 08:23 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 08:23 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 02:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 02:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 02:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 02:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 02:21 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 02:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 02:21 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 02:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 02:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 02:21 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-19 02:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-19 02:21 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 02:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-19 02:21 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-12 07:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 07:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 07:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 07:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 07:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 07:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 07:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 07:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 07:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 07:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 08:23 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 08:23 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 08:23 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 08:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 08:23 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2008-12-27 18:56 . 2008-12-27 18:56 163712 ----a-w- c:\program files\pfbackup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE" [2011-04-24 239488]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-01 539800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-11 49152]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-05 296056]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Byers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-1-25 2010408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2008-7-12 221247]
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-5-20 237568]
Event Reminder.lnk - c:\program files (x86)\PrintMaster Platinum 18\Remind.exe [2007-9-9 344064]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2011-4-4 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-08-02 14:23]
.
2012-08-12 c:\windows\Tasks\ActiveMail Updater.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-08-02 14:23]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 03:48]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 03:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-16 5453824]
"Skytel"="Skytel.exe" [2008-03-16 1826816]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"combofix"="c:\combofix\CF5458.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: epa.gov
TCP: DhcpNameServer = 192.168.1.254
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///E:/Scripts/LTOCX14N.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Byers\AppData\Local\Apps\Apple Computer\xhksdh.dll
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Family Tree Maker - c:\ftw\Uninst.isu
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-08-14 17:14:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 21:14
.
Pre-Run: 377,674,973,184 bytes free
Post-Run: 376,856,358,912 bytes free
.
- - End Of File - - 9E9E4FF5C512F844120C7B1FECBF155B
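
For readers working through a ComboFix log like the one in the post above, here is an added example (not part of the thread, and not ComboFix's own code) that pulls the "Other Deletions" and "ORPHANS REMOVED" sections out of the log text and lists the removed autorun entries whose target file was also deleted. The section-header patterns are inferred from the log above, the sample input is a constructed excerpt shaped like it, and the function names are hypothetical.

```python
import re

# Constructed sample: a short excerpt shaped like the ComboFix log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\users\Byers\AppData\Local\Apps\Apple Computer\xhksdh.dll
D:\Autorun.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Updater Service for StartNow Toolbar
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Byers\AppData\Local\Apps\Apple Computer\xhksdh.dll
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"""

# Section headers as they appear in the log: "((((( Name )))))" and "--- Name ---".
PAREN_HDR = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")
DASH_HDR = re.compile(r"^[-\s]{3,}([A-Za-z0-9].*?[A-Za-z0-9)])[-\s]{3,}$")
PATH = re.compile(r"^[A-Za-z]:\\")
ORPHAN = re.compile(r"^(?P<entry>.+?) - (?P<target>[A-Za-z]:\\.*)$")
USER_PROFILE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


def parse_combofix(log_text):
    """Return (deleted, orphans).

    deleted maps a lower-cased path to True if the deletion succeeded and
    False if the log marks it "Failed to delete". orphans is a list of
    (entry_name, target_path) tuples from the ORPHANS REMOVED section.
    """
    section = None
    deleted = {}
    orphans = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        hdr = PAREN_HDR.match(line) or DASH_HDR.match(line)
        if hdr:
            section = hdr.group(1).strip().lower()
            continue
        if section == "other deletions" and PATH.match(line):
            path, _, note = line.partition(" . . . . ")
            deleted[path.strip().lower()] = "failed" not in note.lower()
        elif section == "orphans removed":
            m = ORPHAN.match(line)
            if m:
                orphans.append((m.group("entry"), m.group("target")))
    return deleted, orphans


def triage(log_text):
    """Describe every removed orphan entry for review."""
    deleted, orphans = parse_combofix(log_text)
    findings = []
    for entry, target in orphans:
        key = target.lower()
        findings.append({
            "entry": entry,
            "target": target,
            # Run-key entries start a program at logon.
            "autorun": "-run-" in entry.lower(),
            # The same file also appears in the deletions list.
            "target_deleted": key in deleted,
            # Target lives under a user profile (user-writable location).
            "user_profile": bool(USER_PROFILE.match(key)),
        })
    return findings


def needs_review(findings):
    """Autorun entries whose target file was itself deleted by the tool."""
    return [f for f in findings if f["autorun"] and f["target_deleted"]]


if __name__ == "__main__":
    for f in needs_review(triage(SAMPLE_LOG)):
        print(f["entry"], "->", f["target"])
```
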

#4 gringo_pr


Posted 14 August 2012 - 07:24 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 JBR64

Posted 14 August 2012 - 07:36 PM

Gringo,
Thanks for the quick reply.
I have checked additional internet sites and have not seen any problems from the malware since the last downloads.
Do I need to disable the security (Norton firewall, Antivirus, Spam) before running TDSSKiller and aswMBR?

JBR64

#6 gringo_pr

Posted 14 August 2012 - 08:20 PM

Very good, and yes, it is better to have off as much as possible.


gringo

#7 JBR64

Posted 14 August 2012 - 08:54 PM

Gringo,
I disabled the Norton Security and ran the TDSSKiller and aswMBR scans. The logs are pasted below.
Thanks and best regards,
JBR64

21:29:08.0681 3108 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:29:09.0139 3108 ============================================================
21:29:09.0139 3108 Current date / time: 2012/08/14 21:29:09.0139
21:29:09.0139 3108 SystemInfo:
21:29:09.0139 3108
21:29:09.0139 3108 OS Version: 6.0.6002 ServicePack: 2.0
21:29:09.0139 3108 Product type: Workstation
21:29:09.0139 3108 ComputerName: BYERS-HOME-PC
21:29:09.0140 3108 UserName: Byers
21:29:09.0140 3108 Windows directory: C:\Windows
21:29:09.0140 3108 System windows directory: C:\Windows
21:29:09.0140 3108 Running under WOW64
21:29:09.0140 3108 Processor architecture: Intel x64
21:29:09.0140 3108 Number of processors: 4
21:29:09.0140 3108 Page size: 0x1000
21:29:09.0140 3108 Boot type: Normal boot
21:29:09.0140 3108 ============================================================
21:29:11.0156 3108 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:29:11.0265 3108 Drive \Device\Harddisk5\DR5 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:29:15.0011 3108 ============================================================
21:29:15.0011 3108 \Device\Harddisk0\DR0:
21:29:15.0011 3108 MBR partitions:
21:29:15.0011 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1EFE6E8
21:29:15.0011 3108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EFE727, BlocksNum 0x4895879A
21:29:15.0011 3108 \Device\Harddisk5\DR5:
21:29:15.0013 3108 MBR partitions:
21:29:15.0013 3108 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542EA70
21:29:15.0013 3108 ============================================================
21:29:15.0045 3108 C: <-> \Device\Harddisk0\DR0\Partition2
21:29:15.0059 3108 D: <-> \Device\Harddisk0\DR0\Partition1
21:29:15.0094 3108 K: <-> \Device\Harddisk5\DR5\Partition1
21:29:15.0094 3108 ============================================================
21:29:15.0095 3108 Initialize success
21:29:15.0095 3108 ============================================================
21:29:34.0030 1652 ============================================================
21:29:34.0030 1652 Scan started
21:29:34.0030 1652 Mode: Manual;
21:29:34.0030 1652 ============================================================
21:29:34.0901 1652 ================ Scan services =============================
21:29:43.0533 1652 NdisTapi - ok
21:29:43.0546 1652 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:43.0547 1652 Ndisuio - ok
21:29:43.0570 1652 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:43.0573 1652 NdisWan - ok
21:29:43.0580 1652 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:29:43.0582 1652 NDProxy - ok
21:29:43.0629 1652 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:29:43.0631 1652 Net Driver HPZ12 - ok
21:29:43.0657 1652 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:29:43.0661 1652 NetBIOS - ok
21:29:43.0678 1652 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:29:43.0695 1652 netbt - ok
21:29:43.0749 1652 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
21:29:43.0750 1652 Netlogon - ok
21:29:43.0770 1652 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
21:29:43.0774 1652 Netman - ok
21:29:43.0836 1652 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:43.0839 1652 NetMsmqActivator - ok
21:29:43.0844 1652 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:43.0846 1652 NetPipeActivator - ok
21:29:43.0869 1652 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
21:29:43.0872 1652 netprofm - ok
21:29:43.0878 1652 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:43.0879 1652 NetTcpActivator - ok
21:29:43.0884 1652 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:29:43.0886 1652 NetTcpPortSharing - ok
21:29:43.0908 1652 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:29:43.0909 1652 nfrd960 - ok
21:29:43.0926 1652 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
21:29:43.0928 1652 NlaSvc - ok
21:29:43.0944 1652 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:29:43.0945 1652 Npfs - ok
21:29:43.0962 1652 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
21:29:43.0963 1652 nsi - ok
21:29:43.0976 1652 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:29:43.0978 1652 nsiproxy - ok
21:29:44.0020 1652 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:29:44.0030 1652 Ntfs - ok
21:29:44.0036 1652 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
21:29:44.0038 1652 Null - ok
21:29:44.0056 1652 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:29:44.0058 1652 nvraid - ok
21:29:44.0072 1652 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:29:44.0073 1652 nvstor - ok
21:29:44.0089 1652 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:29:44.0090 1652 nv_agp - ok
21:29:44.0095 1652 NwlnkFlt - ok
21:29:44.0101 1652 NwlnkFwd - ok
21:29:44.0200 1652 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:44.0203 1652 odserv - ok
21:29:44.0250 1652 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:29:44.0251 1652 ohci1394 - ok
21:29:44.0283 1652 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:44.0285 1652 ose - ok
21:29:44.0324 1652 [ bbd46a3539276fd5e55d2b55daadabcd ] OV550I C:\Windows\system32\Drivers\OVTX16.sys
21:29:44.0325 1652 OV550I - ok
21:29:44.0359 1652 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:29:44.0376 1652 p2pimsvc - ok
21:29:44.0398 1652 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
21:29:44.0407 1652 p2psvc - ok
21:29:44.0429 1652 [ 4c6a7fd04ddf4db88791048382e3edb1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:29:44.0432 1652 Parport - ok
21:29:44.0452 1652 [ b43751085e2abe389da466bc62a4b987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:29:44.0454 1652 partmgr - ok
21:29:44.0478 1652 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
21:29:44.0480 1652 PcaSvc - ok
21:29:44.0493 1652 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
21:29:44.0496 1652 pci - ok
21:29:44.0539 1652 [ 2657f6c0b78c36d95034be109336e382 ] pciide C:\Windows\system32\drivers\pciide.sys
21:29:44.0540 1652 pciide - ok
21:29:44.0574 1652 [ a2d6b9c3f532baa27cb0c158d8ef4da6 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:44.0578 1652 pcmcia - ok
21:29:44.0601 1652 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:29:44.0618 1652 PEAUTH - ok
21:29:44.0673 1652 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:29:44.0675 1652 PerfHost - ok
21:29:44.0755 1652 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
21:29:44.0781 1652 pla - ok
21:29:44.0809 1652 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:29:44.0812 1652 PlugPlay - ok
21:29:44.0836 1652 [ ac78df349f0e4cfb8b667c0cfff83cce ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:29:44.0837 1652 Pml Driver HPZ12 - ok
21:29:44.0851 1652 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:29:44.0857 1652 PNRPAutoReg - ok
21:29:44.0871 1652 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:29:44.0877 1652 PNRPsvc - ok
21:29:44.0905 1652 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:29:44.0922 1652 PolicyAgent - ok
21:29:44.0948 1652 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:29:44.0950 1652 PptpMiniport - ok
21:29:44.0965 1652 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:29:44.0966 1652 Processor - ok
21:29:44.0994 1652 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
21:29:44.0997 1652 ProfSvc - ok
21:29:45.0007 1652 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] ProtectedStorage C:\Windows\system32\lsass.exe
21:29:45.0008 1652 ProtectedStorage - ok
21:29:45.0026 1652 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:29:45.0027 1652 PSched - ok
21:29:45.0047 1652 [ 87b04878a6d59d6c79251dc960c674c1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:29:45.0049 1652 PxHlpa64 - ok
21:29:45.0092 1652 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:29:45.0116 1652 ql2300 - ok
21:29:45.0141 1652 [ e1c80f8d4d1e39ef9595809c1369bf2a ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:29:45.0143 1652 ql40xx - ok
21:29:45.0171 1652 [ 90574842c3da781e279061a3eff91f07 ] QWAVE C:\Windows\system32\qwave.dll
21:29:45.0175 1652 QWAVE - ok
21:29:45.0191 1652 [ e8d76edab77ec9c634c27b8eac33adc5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:29:45.0192 1652 QWAVEdrv - ok
21:29:45.0306 1652 [ 3471469d4a85564cdd72e4459d106f0b ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
21:29:45.0337 1652 R300 - ok
21:29:45.0350 1652 [ 1013b3b663a56d3ddd784f581c1bd005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:29:45.0351 1652 RasAcd - ok
21:29:45.0389 1652 [ b2ae18f847d07f0044404ddf7cb04497 ] RasAuto C:\Windows\System32\rasauto.dll
21:29:45.0392 1652 RasAuto - ok
21:29:45.0402 1652 [ ac7bc4d42a7e558718dfdec599bbfc2c ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:45.0405 1652 Rasl2tp - ok
21:29:45.0423 1652 [ 3ad83e4046c43be510de681588acb8af ] RasMan C:\Windows\System32\rasmans.dll
21:29:45.0426 1652 RasMan - ok
21:29:45.0447 1652 [ 4517fbf8b42524afe4ede1de102aae3e ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:45.0449 1652 RasPppoe - ok
21:29:45.0474 1652 [ c6a593b51f34c33e5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:29:45.0476 1652 RasSstp - ok
21:29:45.0505 1652 [ 322db5c6b55e8d8ee8d6f358b2aaabb1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:29:45.0510 1652 rdbss - ok
21:29:45.0540 1652 [ 603900cc05f6be65ccbf373800af3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:45.0542 1652 RDPCDD - ok
21:29:45.0565 1652 [ c045d1fb111c28df0d1be8d4bda22c06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:29:45.0571 1652 rdpdr - ok
21:29:45.0576 1652 [ cab9421daf3d97b33d0d055858e2c3ab ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:29:45.0577 1652 RDPENCDD - ok
21:29:45.0605 1652 [ ae4bd9e1c33d351d8e607fc81f15160c ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:29:45.0610 1652 RDPWD - ok
21:29:45.0658 1652 [ c612b9557da73f70d41f8a6fbc8e5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:29:45.0661 1652 RemoteAccess - ok
21:29:45.0694 1652 [ 44b9d8ec2f3ef3a0efb00857af70d861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:29:45.0697 1652 RemoteRegistry - ok
21:29:45.0781 1652 [ 5790bca445cc40df8b38c2c48608aac2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:29:45.0782 1652 RimUsb - ok
21:29:45.0800 1652 [ f46c457840d4b7a4daafee739ce04102 ] RpcLocator C:\Windows\system32\locator.exe
21:29:45.0802 1652 RpcLocator - ok
21:29:45.0832 1652 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] RpcSs C:\Windows\system32\rpcss.dll
21:29:45.0837 1652 RpcSs - ok
21:29:45.0850 1652 [ 22a9cb08b1a6707c1550c6bf099aae73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:29:45.0852 1652 rspndr - ok
21:29:45.0902 1652 [ 0328ffdf9d805723d0e420018136fa7b ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
21:29:45.0905 1652 RTHDMIAzAudService - ok
21:29:45.0916 1652 [ fe1d4924e1680a192f9617c5eca19c93 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
21:29:45.0917 1652 RTSTOR - ok
21:29:45.0932 1652 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] SamSs C:\Windows\system32\lsass.exe
21:29:45.0933 1652 SamSs - ok
21:29:45.0947 1652 [ cd9c693589c60ad59bbbcfb0e524e01b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:29:45.0949 1652 sbp2port - ok
21:29:45.0975 1652 [ fd1cdcf108d5ef3366f00d18b70fb89b ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:29:45.0979 1652 SCardSvr - ok
21:29:46.0011 1652 [ 0f838c811ad295d2a4489b9993096c63 ] Schedule C:\Windows\system32\schedsvc.dll
21:29:46.0018 1652 Schedule - ok
21:29:46.0043 1652 [ 5a268127633c7ee2a7fb87f39d748d56 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:29:46.0043 1652 SCPolicySvc - ok
21:29:46.0060 1652 [ b42ee50f7d24f837f925332eb349eca5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:29:46.0062 1652 sdbus - ok
21:29:46.0090 1652 [ 4ff71b076a7760fe75ea5ae2d0ee0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:29:46.0092 1652 SDRSVC - ok
21:29:46.0105 1652 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:29:46.0106 1652 secdrv - ok
21:29:46.0114 1652 [ 5acdcbc67fcf894a1815b9f96d704490 ] seclogon C:\Windows\system32\seclogon.dll
21:29:46.0115 1652 seclogon - ok
21:29:46.0130 1652 [ 90973a64b96cd647ff81c79443618eed ] SENS C:\Windows\system32\sens.dll
21:29:46.0132 1652 SENS - ok
21:29:46.0148 1652 [ 2449316316411d65bd2c761a6ffb2ce2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:29:46.0149 1652 Serenum - ok
21:29:46.0185 1652 [ 4b438170be2fc8e0bd35ee87a960f84f ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:29:46.0187 1652 Serial - ok
21:29:46.0199 1652 [ a842f04833684bceea7336211be478df ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:29:46.0201 1652 sermouse - ok
21:29:46.0223 1652 [ a8e4a4407a09f35dccc3771af590b0c4 ] SessionEnv C:\Windows\system32\sessenv.dll
21:29:46.0225 1652 SessionEnv - ok
21:29:46.0236 1652 [ 14d4b4465193a87c127933978e8c4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:29:46.0237 1652 sffdisk - ok
21:29:46.0251 1652 [ 7073aee3f82f3d598e3825962aa98ab2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:29:46.0252 1652 sffp_mmc - ok
21:29:46.0257 1652 [ 35e59ebe4a01a0532ed67975161c7b82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:29:46.0258 1652 sffp_sd - ok
21:29:46.0302 1652 [ 6b7838c94135768bd455cbdc23e39e5f ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:29:46.0304 1652 sfloppy - ok
21:29:46.0333 1652 [ 4c5aee179da7e1ee9a9ccb9da289af34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:29:46.0338 1652 SharedAccess - ok
21:29:46.0382 1652 [ 56793271ecdedd350c5add305603e963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:29:46.0386 1652 ShellHWDetection - ok
21:29:46.0403 1652 [ 7a5de502aeb719d4594c6471060a78b3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:29:46.0405 1652 SiSRaid2 - ok
21:29:46.0424 1652 [ 3a2f769fab9582bc720e11ea1dfb184d ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:29:46.0426 1652 SiSRaid4 - ok
21:29:46.0483 1652 [ 579ba0a911ff5ea70cb604cd3b744b0a ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:29:46.0486 1652 SkypeUpdate - ok
21:29:46.0551 1652 [ a9a27a8e257b45a604fdad4f26fe7241 ] slsvc C:\Windows\system32\SLsvc.exe
21:29:46.0569 1652 slsvc - ok
21:29:46.0592 1652 [ fd74b4b7c2088e390a30c85a896fc3af ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:29:46.0594 1652 SLUINotify - ok
21:29:46.0611 1652 [ 290b6f6a0ec4fcdfc90f5cb6d7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:29:46.0614 1652 Smb - ok
21:29:46.0627 1652 [ f8f47f38909823b1af28d60b96340cff ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:29:46.0629 1652 SNMPTRAP - ok
21:29:46.0647 1652 [ 386c3c63f00a7040c7ec5e384217e89d ] spldr C:\Windows\system32\drivers\spldr.sys
21:29:46.0649 1652 spldr - ok
21:29:46.0680 1652 [ f66ff751e7efc816d266977939ef5dc3 ] Spooler C:\Windows\System32\spoolsv.exe
21:29:46.0683 1652 Spooler - ok
21:29:46.0730 1652 [ 06b9a7ba94356ec5207c5ddb59540378 ] SRTSP C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
21:29:46.0735 1652 SRTSP - ok
21:29:46.0777 1652 [ fbb8945a61e55a2345d12487c74a9d76 ] SRTSPX C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
21:29:46.0778 1652 SRTSPX - ok
21:29:46.0806 1652 [ 880a57fccb571ebd063d4dd50e93e46d ] srv C:\Windows\system32\DRIVERS\srv.sys
21:29:46.0814 1652 srv - ok
21:29:46.0875 1652 [ a1ad14a6d7a37891fffeca35ebbb0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:29:46.0878 1652 srv2 - ok
21:29:46.0898 1652 [ 4bed62f4fa4d8300973f1151f4c4d8a7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:29:46.0900 1652 srvnet - ok
21:29:46.0916 1652 [ 192c74646ec5725aef3f80d19ff75f6a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:29:46.0919 1652 SSDPSRV - ok
21:29:46.0969 1652 [ 2ee3fa0308e6185ba64a9a7f2e74332b ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:29:46.0972 1652 SstpSvc - ok
21:29:47.0023 1652 [ 15825c1fbfb8779992cb65087f316af5 ] stisvc C:\Windows\System32\wiaservc.dll
21:29:47.0040 1652 stisvc - ok
21:29:47.0059 1652 [ 8a851ca908b8b974f89c50d2e18d4f0c ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:29:47.0061 1652 swenum - ok
21:29:47.0089 1652 [ 6de37f4de19d4efd9c48c43addbc949a ] swprv C:\Windows\System32\swprv.dll
21:29:47.0094 1652 swprv - ok
21:29:47.0106 1652 [ 2f26a2c6fc96b29beff5d8ed74e6625b ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:29:47.0108 1652 Symc8xx - ok
21:29:47.0162 1652 [ 8b2430762099598da40686f754632efd ] SymDS C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
21:29:47.0169 1652 SymDS - ok
21:29:47.0214 1652 [ f90c7a190399165d3ab2245048d34786 ] SymEFA C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
21:29:47.0240 1652 SymEFA - ok
21:29:47.0279 1652 [ 898bb48c797483420df523b2bbc1ecdb ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:29:47.0283 1652 SymEvent - ok
21:29:47.0307 1652 SYMFW - ok
21:29:47.0317 1652 SymIMMP - ok
21:29:47.0353 1652 [ 5013a76caaa1d7cf1c55214b490b4e35 ] SymIRON C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
21:29:47.0357 1652 SymIRON - ok
21:29:47.0361 1652 SYMNDISV - ok
21:29:47.0378 1652 [ a25fee245c78804601d83431386a0bee ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0602010.005\SYMTDIV.SYS
21:29:47.0394 1652 SYMTDIv - ok
21:29:47.0407 1652 [ a909667976d3bccd1df813fed517d837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:29:47.0409 1652 Sym_hi - ok
21:29:47.0426 1652 [ 36887b56ec2d98b9c362f6ae4de5b7b0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:29:47.0428 1652 Sym_u3 - ok
21:29:47.0467 1652 [ 92d7a8b0f87b036f17d25885937897a6 ] SysMain C:\Windows\system32\sysmain.dll
21:29:47.0475 1652 SysMain - ok
21:29:47.0485 1652 [ 005ce42567f9113a3bccb3b20073b029 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:29:47.0488 1652 TabletInputService - ok
21:29:47.0523 1652 [ cc2562b4d55e0b6a4758c65407f63b79 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:29:47.0526 1652 TapiSrv - ok
21:29:47.0539 1652 [ cdbe8d7c1e201b911cdc346d06617fb5 ] TBS C:\Windows\System32\tbssvc.dll
21:29:47.0541 1652 TBS - ok
21:29:47.0592 1652 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:29:47.0602 1652 Tcpip - ok
21:29:47.0633 1652 [ 46d448e9117464e4d3bbf36d7e3fa48e ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:29:47.0643 1652 Tcpip6 - ok
21:29:47.0666 1652 [ c7e72a4071ee0200e3c075dacfb2b334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:29:47.0667 1652 tcpipreg - ok
21:29:47.0680 1652 [ 1d8bf4aaa5fb7a2761475781dc1195bc ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:29:47.0687 1652 TDPIPE - ok
21:29:47.0735 1652 [ 7f7e00cdf609df657f4cda02dd1c9bb1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:29:47.0736 1652 TDTCP - ok
21:29:47.0757 1652 [ 458919c8c42e398dc4802178d5ffee27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:29:47.0759 1652 tdx - ok
21:29:47.0783 1652 [ 8c19678d22649ec002ef2282eae92f98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:29:47.0784 1652 TermDD - ok
21:29:47.0817 1652 [ 5cdd30bc217082dac71a9878d9bfd566 ] TermService C:\Windows\System32\termsrv.dll
21:29:47.0822 1652 TermService - ok
21:29:47.0841 1652 [ 56793271ecdedd350c5add305603e963 ] Themes C:\Windows\system32\shsvcs.dll
21:29:47.0844 1652 Themes - ok
21:29:47.0866 1652 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] THREADORDER C:\Windows\system32\mmcss.dll
21:29:47.0867 1652 THREADORDER - ok
21:29:47.0879 1652 [ f4689f05af472a651a7b1b7b02d200e7 ] TrkWks C:\Windows\System32\trkwks.dll
21:29:47.0882 1652 TrkWks - ok
21:29:47.0907 1652 [ 66328b08ef5a9305d8ede36b93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:29:47.0908 1652 TrustedInstaller - ok
21:29:47.0928 1652 [ 9e5409cd17c8bef193aad498f3bc2cb8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:47.0929 1652 tssecsrv - ok
21:29:47.0942 1652 [ 89ec74a9e602d16a75a4170511029b3c ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:29:47.0943 1652 tunmp - ok
21:29:47.0988 1652 [ 30a9b3f45ad081bffc3bcaa9c812b609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:29:48.0007 1652 tunnel - ok
21:29:48.0079 1652 [ fec266ef401966311744bd0f359f7f56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:29:48.0122 1652 uagp35 - ok
21:29:48.0164 1652 [ faf2640a2a76ed03d449e443194c4c34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:29:48.0220 1652 udfs - ok
21:29:48.0247 1652 [ 060507c4113391394478f6953a79eedc ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:29:48.0249 1652 UI0Detect - ok
21:29:48.0294 1652 [ 332d341d92b933600d41953b08360dfb ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
21:29:48.0294 1652 UleadBurningHelper - ok
21:29:48.0311 1652 [ 4ec9447ac3ab462647f60e547208ca00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:29:48.0313 1652 uliagpkx - ok
21:29:48.0329 1652 [ 697f0446134cdc8f99e69306184fbbb4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:29:48.0334 1652 uliahci - ok
21:29:48.0350 1652 [ 31707f09846056651ea2c37858f5ddb0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:29:48.0353 1652 UlSata - ok
21:29:48.0367 1652 [ 85e5e43ed5b48c8376281bab519271b7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:29:48.0370 1652 ulsata2 - ok
21:29:48.0387 1652 [ 46e9a994c4fed537dd951f60b86ad3f4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:29:48.0388 1652 umbus - ok
21:29:48.0402 1652 [ 7093799ff80e9deca0680d2e3535be60 ] upnphost C:\Windows\System32\upnphost.dll
21:29:48.0407 1652 upnphost - ok
21:29:48.0432 1652 [ c6ba890de6e41857fbe84175519cae7d ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:29:48.0434 1652 usbaudio - ok
21:29:48.0476 1652 [ 07e3498fc60834219d2356293da0fecc ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:48.0478 1652 usbccgp - ok
21:29:48.0498 1652 [ 8c39d53e1a343f4c47ee8f3c052126d8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:29:48.0500 1652 usbcir - ok
21:29:48.0522 1652 [ 827e44de934a736ea31e91d353eb126f ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:29:48.0524 1652 usbehci - ok
21:29:48.0549 1652 [ bb35cd80a2ececfadc73569b3d70c7d1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:29:48.0554 1652 usbhub - ok
21:29:48.0570 1652 [ e406b003a354776d317762694956b0fc ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:29:48.0571 1652 usbohci - ok
21:29:48.0591 1652 [ 28b693b6d31e7b9332c1bdcefef228c1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:29:48.0592 1652 usbprint - ok
21:29:48.0637 1652 [ ea0bf666868964fbe8cb10e50c97b9f1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:29:48.0639 1652 usbscan - ok
21:29:48.0666 1652 [ b854c1558fca0c269a38663e8b59b581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:48.0668 1652 USBSTOR - ok
21:29:48.0679 1652 [ b2872cbf9f47316abd0e0c74a1aba507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:29:48.0686 1652 usbuhci - ok
21:29:48.0751 1652 [ d76e231e4850bb3f88a3d9a78df191e3 ] UxSms C:\Windows\System32\uxsms.dll
21:29:48.0753 1652 UxSms - ok
21:29:48.0786 1652 [ 294945381dfa7ce58cecf0a9896af327 ] vds C:\Windows\System32\vds.exe
21:29:48.0791 1652 vds - ok
21:29:48.0804 1652 [ 916b94bcf1e09873fff2d5fb11767bbc ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:48.0805 1652 vga - ok
21:29:48.0810 1652 [ b83ab16b51feda65dd81b8c59d114d63 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:29:48.0811 1652 VgaSave - ok
21:29:48.0827 1652 [ 8294b6c3fdb6c33f24e150de647ecdaa ] viaide C:\Windows\system32\drivers\viaide.sys
21:29:48.0829 1652 viaide - ok
21:29:48.0846 1652 [ 2b7e885ed951519a12c450d24535dfca ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:29:48.0847 1652 volmgr - ok
21:29:48.0874 1652 [ cec5ac15277d75d9e5dec2e1c6eaf877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:29:48.0880 1652 volmgrx - ok
21:29:48.0902 1652 [ 5280aada24ab36b01a84a6424c475c8d ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:29:48.0907 1652 volsnap - ok
21:29:48.0930 1652 [ a68f455ed2673835209318dd61bfbb0e ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:29:48.0933 1652 vsmraid - ok
21:29:48.0972 1652 [ b75232dad33bfd95bf6f0a3e6bff51e1 ] VSS C:\Windows\system32\vssvc.exe
21:29:48.0999 1652 VSS - ok
21:29:49.0015 1652 [ f14a7de2ea41883e250892e1e5230a9a ] W32Time C:\Windows\system32\w32time.dll
21:29:49.0019 1652 W32Time - ok
21:29:49.0041 1652 [ fef8fe5923fead2cee4dfabfce3393a7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:29:49.0043 1652 WacomPen - ok
21:29:49.0060 1652 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:29:49.0062 1652 Wanarp - ok
21:29:49.0067 1652 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:29:49.0069 1652 Wanarpv6 - ok
21:29:49.0121 1652 [ b4e4c37d0aa6100090a53213ee2bf1c1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:29:49.0137 1652 wcncsvc - ok
21:29:49.0159 1652 [ ea4b369560e986f19d93f45a881484ac ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:29:49.0161 1652 WcsPlugInService - ok
21:29:49.0180 1652 [ 0c17a0816f65b89e362e682ad5e7266e ] Wd C:\Windows\system32\drivers\wd.sys
21:29:49.0182 1652 Wd - ok
21:29:49.0207 1652 [ d02e7e4567da1e7582fbf6a91144b0df ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:29:49.0224 1652 Wdf01000 - ok
21:29:49.0232 1652 [ c5efda73ebfca8b02a094898de0a9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:29:49.0234 1652 WdiServiceHost - ok
21:29:49.0238 1652 [ c5efda73ebfca8b02a094898de0a9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:29:49.0240 1652 WdiSystemHost - ok
21:29:49.0254 1652 [ 3e6d05381cf35f75ebb055544a8ed9ac ] WebClient C:\Windows\System32\webclnt.dll
21:29:49.0257 1652 WebClient - ok
21:29:49.0276 1652 [ 8d40bc587993f876658bf9fb0f7d3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:29:49.0281 1652 Wecsvc - ok
21:29:49.0295 1652 [ 9c980351d7e96288ea0c23ae232bd065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:29:49.0297 1652 wercplsupport - ok
21:29:49.0307 1652 [ 66b9ecebc46683f47edc06333c075fef ] WerSvc C:\Windows\System32\WerSvc.dll
21:29:49.0309 1652 WerSvc - ok
21:29:49.0345 1652 [ cbdeb4b3b5cf8c49acc221d45f1c50c1 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
21:29:49.0363 1652 winachsf - ok
21:29:49.0370 1652 WinDefend - ok
21:29:49.0378 1652 WinHttpAutoProxySvc - ok
21:29:49.0430 1652 [ d2e7296ed1bd26d8db2799770c077a02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:29:49.0432 1652 Winmgmt - ok
21:29:49.0480 1652 [ 6cbb0c68f13b9c2ec1b16f5fa5e7c869 ] WinRM C:\Windows\system32\WsmSvc.dll
21:29:49.0514 1652 WinRM - ok
21:29:49.0552 1652 [ ec339c8115e91baed835957e9a677f16 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:29:49.0557 1652 Wlansvc - ok
21:29:49.0673 1652 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:49.0688 1652 wlidsvc - ok
21:29:49.0699 1652 [ e18aebaaa5a773fe11aa2c70f65320f5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:29:49.0701 1652 WmiAcpi - ok
21:29:49.0729 1652 [ 21fa389e65a852698b6a1341f36ee02d ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:29:49.0731 1652 wmiApSrv - ok
21:29:49.0745 1652 WMPNetworkSvc - ok
21:29:49.0769 1652 [ cbc156c913f099e6680d1df9307db7a8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:29:49.0773 1652 WPCSvc - ok
21:29:49.0796 1652 [ 490a18b4e4d53dc10879deaa8e8b70d9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:29:49.0799 1652 WPDBusEnum - ok
21:29:49.0825 1652 [ 5e2401b3fc1089c90e081291357371a9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:29:49.0826 1652 WpdUsb - ok
21:29:49.0912 1652 [ 991e2c2cf3bc204c2bb2ee1476149e4e ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:29:49.0919 1652 WPFFontCache_v0400 - ok
21:29:49.0927 1652 [ 8a900348370e359b6bff6a550e4649e1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:29:49.0928 1652 ws2ifsl - ok
21:29:49.0953 1652 [ 9ea3e6d0ef7a5c2b9181961052a4b01a ] wscsvc C:\Windows\system32\wscsvc.dll
21:29:49.0955 1652 wscsvc - ok
21:29:49.0960 1652 WSearch - ok
21:29:50.0032 1652 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:29:50.0059 1652 wuauserv - ok
21:29:50.0099 1652 [ 501a65252617b495c0f1832f908d54d8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:50.0102 1652 WUDFRd - ok
21:29:50.0133 1652 [ 6cbd51ff913c851d56ed9dc7f2a27dde ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:29:50.0135 1652 wudfsvc - ok
21:29:50.0153 1652 [ 2f2ce5e47b014f52bc722ae28b19cbf3 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
21:29:50.0154 1652 XAudio - ok
21:29:50.0172 1652 [ a337887a4e3396a3ea5d6e54fa431c84 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
21:29:50.0181 1652 XAudioService - ok
21:29:50.0221 1652 [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:29:50.0239 1652 YahooAUService - ok
21:29:50.0265 1652 [ 2ae06b41b36549fabf0886b2af89a599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
21:29:50.0268 1652 yukonx64 - ok
21:29:50.0272 1652 ================ Scan global ===============================
21:29:50.0323 1652 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
21:29:50.0349 1652 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
21:29:50.0373 1652 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
21:29:50.0401 1652 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
21:29:50.0405 1652 [Global] - ok
21:29:50.0405 1652 ================ Scan MBR ==================================
21:29:50.0420 1652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:29:50.0612 1652 \Device\Harddisk0\DR0 - ok
21:29:50.0617 1652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
21:29:50.0624 1652 \Device\Harddisk5\DR5 - ok
21:29:50.0624 1652 ================ Scan VBR ==================================
21:29:50.0628 1652 Boot (0x1200) (98d111df26fbb4dc4a497776e6fe4243) \Device\Harddisk0\DR0\Partition1
21:29:50.0629 1652 \Device\Harddisk0\DR0\Partition1 - ok
21:29:50.0633 1652 Boot (0x1200) (7d04666a4010b04f5664bd6b07b5a662) \Device\Harddisk0\DR0\Partition2
21:29:50.0635 1652 \Device\Harddisk0\DR0\Partition2 - ok
21:29:50.0640 1652 Boot (0x1200) (4fc8afef160ccf65633ecf2ee9e63f12) \Device\Harddisk5\DR5\Partition1
21:29:50.0644 1652 \Device\Harddisk5\DR5\Partition1 - ok
21:29:50.0645 1652 ============================================================
21:29:50.0645 1652 Scan finished
21:29:50.0645 1652 ============================================================
21:29:50.0656 2712 Detected object count: 0
21:29:50.0656 2712 Actual detected object count: 0
21:30:16.0084 4088 ============================================================
21:30:16.0084 4088 Scan started
21:30:16.0084 4088 Mode: Manual;
21:30:16.0084 4088 ============================================================
21:30:16.0404 4088 ================ Scan services =============================
21:30:16.0989 4088 ALG - ok
21:30:17.0000 4088 [ 157d0898d4b73f075ce9fa26b482df98 ] aliide C:\Windows\system32\drivers\aliide.sys
21:30:17.0001 4088 aliide - ok
21:30:17.0008 4088 [ 970fa5059e61e30d25307b99903e991e ] amdide C:\Windows\system32\drivers\amdide.sys
21:30:17.0008 4088 amdide - ok
21:30:17.0029 4088 [ cdc3632a3a5ea4dbb83e46076a3165a1 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:30:17.0030 4088 AmdK8 - ok
21:30:17.0063 4088 [ dc45ab27932447b598848b10650313c5 ] APC UPS Service C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
21:30:17.0065 4088 APC UPS Service - ok
21:30:17.0079 4088 [ 9c37b3fd5615477cb9a0cd116cf43f5c ] Appinfo C:\Windows\System32\appinfo.dll
21:30:17.0080 4088 Appinfo - ok
21:30:17.0106 4088 [ ba8417d4765f3988ff921f30f630e303 ] arc C:\Windows\system32\drivers\arc.sys
21:30:17.0107 4088 arc - ok
21:30:17.0138 4088 [ 29e7252fa743b15bce1a2245c5643a02 ] archlp C:\Windows\syswow64\drivers\archlp.sys
21:30:17.0139 4088 archlp - ok
21:30:17.0156 4088 [ 9d41c435619733b34cc16a511e644b11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:30:17.0157 4088 arcsas - ok
21:30:17.0176 4088 Aspi32 - ok
21:30:17.0250 4088 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:30:17.0251 4088 aspnet_state - ok
21:30:17.0261 4088 [ 22d13ff3dafec2a80634752b1eaa2de6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:30:17.0262 4088 AsyncMac - ok
21:30:17.0291 4088 [ e68d9b3a3905619732f7fe039466a623 ] atapi C:\Windows\system32\drivers\atapi.sys
21:30:17.0291 4088 atapi - ok
21:30:17.0329 4088 [ 18985fee743da6f1ae382bdf7d889430 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:30:17.0335 4088 Ati External Event Utility - ok
21:30:17.0436 4088 [ 3471469d4a85564cdd72e4459d106f0b ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:30:17.0470 4088 atikmdag - ok
21:30:17.0495 4088 [ 79318c744693ec983d20e9337a2f8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:30:17.0499 4088 AudioEndpointBuilder - ok
21:30:17.0512 4088 [ 79318c744693ec983d20e9337a2f8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:30:17.0515 4088 AudioSrv - ok
21:30:17.0534 4088 [ 1777e5ac9fc74f7991b2aba25ea34759 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:30:17.0535 4088 b57nd60a - ok
21:30:17.0568 4088 [ a2160c5d70f3517fc7356b689abd6fcd ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl664.sys
21:30:17.0572 4088 BCM43XV - ok
21:30:17.0577 4088 Beep - ok
21:30:17.0614 4088 [ ffb96c2589ffa60473ead78b39fbde29 ] BFE C:\Windows\System32\bfe.dll
21:30:17.0617 4088 BFE - ok
21:30:17.0762 4088 [ e99f59342171101ee2446d0cd1a60a8d ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120811.003\BHDrvx64.sys
21:30:17.0771 4088 BHDrvx64 - ok
21:30:17.0810 4088 [ 6d316f4859634071cc25c4fd4589ad2c ] BITS C:\Windows\system32\qmgr.dll
21:30:17.0818 4088 BITS - ok
21:30:17.0841 4088 [ 79feeb40056683f8f61398d81dda65d2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:30:17.0842 4088 blbdrive - ok
21:30:17.0870 4088 [ 2348447a80920b2493a9b582a23e81e1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:30:17.0871 4088 bowser - ok
21:30:17.0882 4088 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:30:17.0882 4088 BrFiltLo - ok
21:30:17.0894 4088 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:30:17.0895 4088 BrFiltUp - ok
21:30:17.0919 4088 [ a1b39de453433b115b4ea69ee0343816 ] Browser C:\Windows\System32\browser.dll
21:30:17.0920 4088 Browser - ok
21:30:17.0943 4088 [ f0f0ba4d815be446aa6a4583ca3bca9b ] Brserid C:\Windows\system32\drivers\brserid.sys
21:30:17.0944 4088 Brserid - ok
21:30:17.0956 4088 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:30:17.0957 4088 BrSerWdm - ok
21:30:17.0976 4088 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:30:17.0976 4088 BrUsbMdm - ok
21:30:17.0988 4088 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:30:17.0989 4088 BrUsbSer - ok
21:30:18.0007 4088 [ e0777b34e05f8a82a21856efc900c29f ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:30:18.0007 4088 BTHMODEM - ok
21:30:18.0013 4088 catchme - ok
21:30:18.0110 4088 [ 797c36e597f9fc4efd88e6e0e98abe37 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
21:30:18.0113 4088 CAXHWBS2 - ok
21:30:18.0205 4088 [ 0e1737a63aec0f6de231bb59836c0a11 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
21:30:18.0206 4088 ccSet_N360 - ok
21:30:18.0220 4088 [ b4d787db8d30793a4d4df9feed18f136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:30:18.0221 4088 cdfs - ok
21:30:18.0257 4088 [ c025aa69be3d0d25c7a2e746ef6f94fc ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:30:18.0258 4088 cdrom - ok
21:30:18.0323 4088 [ 5a268127633c7ee2a7fb87f39d748d56 ] CertPropSvc C:\Windows\System32\certprop.dll
21:30:18.0324 4088 CertPropSvc - ok
21:30:18.0360 4088 [ 02ea568d498bbdd4ba55bf3fce34d456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:30:18.0361 4088 circlass - ok
21:30:18.0429 4088 [ 3dca9a18b204939cfb24bea53e31eb48 ] CLFS C:\Windows\system32\CLFS.sys
21:30:18.0432 4088 CLFS - ok
21:30:18.0563 4088 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:18.0564 4088 clr_optimization_v2.0.50727_32 - ok
21:30:18.0604 4088 [ ce07a466201096f021cd09d631b21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:30:18.0605 4088 clr_optimization_v2.0.50727_64 - ok
21:30:18.0658 4088 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:18.0659 4088 clr_optimization_v4.0.30319_32 - ok
21:30:18.0683 4088 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:30:18.0684 4088 clr_optimization_v4.0.30319_64 - ok
21:30:18.0697 4088 [ b52d9a14ce4101577900a364ba86f3df ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:18.0698 4088 CmBatt - ok
21:30:18.0712 4088 [ e5d5499a1c50a54b5161296b6afe6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:30:18.0712 4088 cmdide - ok
21:30:18.0729 4088 [ 7fb8ad01db0eabe60c8a861531a8f431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:30:18.0730 4088 Compbatt - ok
21:30:18.0734 4088 COMSysApp - ok
21:30:18.0741 4088 [ a8585b6412253803ce8efcbd6d6dc15c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:30:18.0742 4088 crcdisk - ok
21:30:18.0775 4088 [ 62740b9d2a137e8ced41a9e4239a7a31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:30:18.0776 4088 CryptSvc - ok
21:30:18.0796 4088 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] DcomLaunch C:\Windows\system32\rpcss.dll
21:30:18.0801 4088 DcomLaunch - ok
21:30:18.0854 4088 [ 8b722ba35205c71e7951cdc4cdbade19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:30:18.0855 4088 DfsC - ok
21:30:18.0927 4088 [ c647f468f7de343df8c143655c5557d4 ] DFSR C:\Windows\system32\DFSR.exe
21:30:18.0950 4088 DFSR - ok
21:30:18.0996 4088 [ 3ed0321127ce70acdaabbf77e157c2a7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:30:18.0998 4088 Dhcp - ok
21:30:19.0025 4088 [ b0107e40ecdb5fa692ebf832f295d905 ] disk C:\Windows\system32\drivers\disk.sys
21:30:19.0026 4088 disk - ok
21:30:19.0056 4088 [ 06230f1b721494a6df8d47fd395bb1b0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:30:19.0058 4088 Dnscache - ok
21:30:19.0084 4088 [ 1a7156dd1e850e9914e5e991e3225b94 ] dot3svc C:\Windows\System32\dot3svc.dll
21:30:19.0086 4088 dot3svc - ok
21:30:19.0110 4088 [ 74c02b1717740c3b8039539e23e4b53f ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:30:19.0111 4088 Dot4 - ok
21:30:19.0123 4088 [ 08321d1860235bf42cf2854234337aea ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:30:19.0124 4088 Dot4Print - ok
21:30:19.0148 4088 [ 4adccf0124f2b6911d3786a5d0e779e5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:30:19.0148 4088 dot4usb - ok
21:30:19.0165 4088 [ 1583b39790db3eaec7edb0cb0140c708 ] DPS C:\Windows\system32\dps.dll
21:30:19.0166 4088 DPS - ok
21:30:19.0187 4088 [ f1a78a98cfc2ee02144c6bec945447e6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:30:19.0188 4088 drmkaud - ok
21:30:19.0221 4088 [ b8e554e502d5123bc111f99d6a2181b4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:30:19.0227 4088 DXGKrnl - ok
21:30:19.0249 4088 [ 264cee7b031a9d6c827f3d0cb031f2fe ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
21:30:19.0250 4088 E1G60 - ok
21:30:19.0266 4088 [ c2303883fd9be49dc36a6400643002ea ] EapHost C:\Windows\System32\eapsvc.dll
21:30:19.0267 4088 EapHost - ok
21:30:19.0287 4088 [ 5f94962be5a62db6e447ff6470c4f48a ] Ecache C:\Windows\system32\drivers\ecache.sys
21:30:19.0288 4088 Ecache - ok
21:30:19.0341 4088 [ 4353ff94d47a0a9d52b89eccf0cdb013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:30:19.0345 4088 eeCtrl - ok
21:30:19.0362 4088 [ 14ce384d2e27b64c256bda4dc39c312d ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:30:19.0364 4088 ehRecvr - ok
21:30:19.0379 4088 [ b93159c1313d66fdfbbe876f5189cd52 ] ehSched C:\Windows\ehome\ehsched.exe
21:30:19.0380 4088 ehSched - ok
21:30:19.0388 4088 [ f5ee2527d74449868e3c3227a59bcd28 ] ehstart C:\Windows\ehome\ehstart.dll
21:30:19.0389 4088 ehstart - ok
21:30:19.0412 4088 [ c4636d6e10469404ab5308d9fd45ed07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:30:19.0415 4088 elxstor - ok
21:30:19.0452 4088 [ a9b18b63a4fd6baab83326706d857fab ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:30:19.0455 4088 EMDMgmt - ok
21:30:19.0511 4088 [ 757305c7ad34222f4a46d86fe0bee241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
21:30:19.0515 4088 EpsonCustomerParticipation - ok
21:30:19.0534 4088 [ c5bccb378d0a896304a3e71be7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:30:19.0535 4088 EraserUtilRebootDrv - ok
21:30:19.0547 4088 [ bc3a58e938bb277e46bf4b3003b01abd ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:30:19.0547 4088 ErrDev - ok
21:30:19.0581 4088 [ e12f22b73f153dece721cd45ec05b4af ] EventSystem C:\Windows\system32\es.dll
21:30:19.0584 4088 EventSystem - ok
21:30:19.0608 4088 [ 486844f47b6636044a42454614ed4523 ] exfat C:\Windows\system32\drivers\exfat.sys
21:30:19.0610 4088 exfat - ok
21:30:19.0639 4088 [ 1a4bee34277784619ddaf0422c0c6e23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:30:19.0641 4088 fastfat - ok
21:30:19.0654 4088 [ 81b79b6df71fa1d2c6d688d830616e39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:30:19.0655 4088 fdc - ok
21:30:19.0665 4088 [ bb9267acacd8b7533dd936c34a0cba5e ] fdPHost C:\Windows\system32\fdPHost.dll
21:30:19.0666 4088 fdPHost - ok
21:30:19.0678 4088 [ 300c80931eabbe1db7591c516efe8d0f ] FDResPub C:\Windows\system32\fdrespub.dll
21:30:19.0680 4088 FDResPub - ok
21:30:19.0685 4088 [ 457b7d1d533e4bd62a99aed9c7bb4c59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:30:19.0686 4088 FileInfo - ok
21:30:19.0697 4088 [ d421327fd6efccaf884a54c58e1b0d7f ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:30:19.0698 4088 Filetrace - ok
21:30:19.0707 4088 [ 230923ea2b80f79b0f88d90f87b87ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:30:19.0708 4088 flpydisk - ok
21:30:19.0733 4088 [ e3041bc26d6930d61f42aedb79c91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:30:19.0735 4088 FltMgr - ok
21:30:19.0773 4088 [ be1c5bd1ca7ed015bc6fa1ae67e592c8 ] FontCache C:\Windows\system32\FntCache.dll
21:30:19.0781 4088 FontCache - ok
21:30:19.0822 4088 [ bc5b0be5af3510b0fd8c140ee42c6d3e ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:30:19.0823 4088 FontCache3.0.0.0 - ok
21:30:19.0850 4088 [ 5779b86cd8b32519fbecb136394d946a ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:30:19.0851 4088 Fs_Rec - ok
21:30:19.0864 4088 [ c8e416668d3dc2be3d4fe4c79224997f ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:30:19.0865 4088 gagp30kx - ok
21:30:19.0911 4088 [ 3eafdd637416393722aa98e940dfd0a0 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
21:30:19.0912 4088 GameConsoleService - ok
21:30:19.0941 4088 [ af4dee5531395dee72b35b36c9671fd0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:30:19.0941 4088 GEARAspiWDM - ok
21:30:19.0977 4088 [ a0e1b575ba8f504968cd40c0faeb2384 ] gpsvc C:\Windows\System32\gpsvc.dll
21:30:19.0982 4088 gpsvc - ok
21:30:20.0025 4088 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:20.0026 4088 gupdate - ok
21:30:20.0033 4088 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:20.0034 4088 gupdatem - ok
21:30:20.0065 4088 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:30:20.0066 4088 gusvc - ok
21:30:20.0102 4088 [ df45f8142dc6df9d18c39b3effbd0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:30:20.0104 4088 HdAudAddService - ok
21:30:20.0139 4088 [ f942c5820205f2fb453243edfec82a3d ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:30:20.0146 4088 HDAudBus - ok
21:30:20.0198 4088 [ 68214c82fa6222591873677a72df2a66 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:30:20.0199 4088 HidBatt - ok
21:30:20.0219 4088 [ b4881c84a180e75b8c25dc1d726c375f ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:30:20.0219 4088 HidBth - ok
21:30:20.0231 4088 [ 5f47839455d01ff6403b008d481a6f5b ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:30:20.0232 4088 HidIr - ok
21:30:20.0258 4088 [ 59361d38a297755d46a540e450202b2a ] hidserv C:\Windows\System32\hidserv.dll
21:30:20.0259 4088 hidserv - ok
21:30:20.0273 4088 [ 443bdd2d30bb4f00795c797e2cf99edf ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:30:20.0273 4088 HidUsb - ok
21:30:20.0296 4088 [ b12f367ea39c0795fd57e31242ce1a5a ] hkmsvc C:\Windows\system32\kmsvc.dll
21:30:20.0298 4088 hkmsvc - ok
21:30:20.0313 4088 [ d7109a1e6bd2dfdbcba72a6bc626a13b ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:30:20.0314 4088 HpCISSs - ok
21:30:20.0375 4088 [ fcb563b0a23643e5f80b6ff1e60f610f ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:30:20.0376 4088 hpqcxs08 - ok
21:30:20.0386 4088 [ 25e443e27165c652723a92d9bdfd4649 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:30:20.0387 4088 hpqddsvc - ok
21:30:20.0417 4088 [ 1e260b33f6555146a0b826f047238c00 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
21:30:20.0428 4088 HSF_DPV - ok
21:30:20.0460 4088 [ 098f1e4e5c9cb5b0063a959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:30:20.0465 4088 HTTP - ok
21:30:20.0480 4088 [ da94c854cea5fac549d4e1f6e88349e8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:30:20.0481 4088 i2omp - ok
21:30:20.0498 4088 [ cbb597659a2713ce0c9cc20c88c7591f ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:30:20.0499 4088 i8042prt - ok
21:30:20.0520 4088 [ 3e3bf3627d886736d0b4e90054f929f6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:30:20.0523 4088 iaStorV - ok
21:30:20.0573 4088 [ 749f5f8cedca70f2a512945325fc489d ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:30:20.0579 4088 idsvc - ok
21:30:20.0652 4088 [ ce0bf35c79e03bb89da6b14fac838605 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120813.001\IDSvia64.sys
21:30:20.0656 4088 IDSVia64 - ok
21:30:20.0673 4088 [ 8c3951ad2fe886ef76c7b5027c3125d3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:30:20.0674 4088 iirsp - ok
21:30:20.0711 4088 [ 0c9ea6e654e7b0471741e343a6c671af ] IKEEXT C:\Windows\System32\ikeext.dll
21:30:20.0715 4088 IKEEXT - ok
21:30:20.0752 4088 [ e28d6b50a12bfa3df0bd7c31e19599f3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:30:20.0761 4088 IntcAzAudAddService - ok
21:30:20.0771 4088 [ df797a12176f11b2d301c5b234bb200e ] intelide C:\Windows\system32\drivers\intelide.sys
21:30:20.0772 4088 intelide - ok
21:30:20.0789 4088 [ bfd84af32fa1bad6231c4585cb469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:30:20.0789 4088 intelppm - ok
21:30:20.0804 4088 [ 5624bc1bc5eeb49c0ab76a8114f05ea3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:30:20.0805 4088 IPBusEnum - ok
21:30:20.0839 4088 [ d8aabc341311e4780d6fce8c73c0ad81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:20.0840 4088 IpFilterDriver - ok
21:30:20.0868 4088 [ bf0dbfa9792c5c14fa00f61c75116c1b ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:30:20.0870 4088 iphlpsvc - ok
21:30:20.0875 4088 IpInIp - ok
21:30:20.0897 4088 [ 9c2ee2e6e5a7203bfae15c299475ec67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:30:20.0898 4088 IPMIDRV - ok
21:30:20.0916 4088 [ b7e6212f581ea5f6ab0c3a6ceeeb89be ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:30:20.0917 4088 IPNAT - ok
21:30:20.0932 4088 [ 8c42ca155343a2f11d29feca67faa88d ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:30:20.0933 4088 IRENUM - ok
21:30:20.0946 4088 [ 0672bfcedc6fc468a2b0500d81437f4f ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:30:20.0946 4088 isapnp - ok
21:30:20.0972 4088 [ e4fdf99599f27ec25d2cf6d754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:30:20.0973 4088 iScsiPrt - ok
21:30:20.0986 4088 [ 63c766cdc609ff8206cb447a65abba4a ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:30:20.0987 4088 iteatapi - ok
21:30:21.0001 4088 [ 1281fe73b17664631d12f643cbea3f59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:30:21.0002 4088 iteraid - ok
21:30:21.0013 4088 [ 423696f3ba6472dd17699209b933bc26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:21.0014 4088 kbdclass - ok
21:30:21.0038 4088 [ dbdf75d51464fbc47d0104ec3d572c05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:30:21.0038 4088 kbdhid - ok
21:30:21.0062 4088 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] KeyIso C:\Windows\system32\lsass.exe
21:30:21.0063 4088 KeyIso - ok
21:30:21.0097 4088 [ 88956ad9fa510848ad176777a6c6c1f5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:30:21.0100 4088 KSecDD - ok
21:30:21.0121 4088 [ 1d419cf43db29396ecd7113d129d94eb ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:30:21.0121 4088 ksthunk - ok
21:30:21.0146 4088 [ 1faf6926f3416d3da05c5b265491bdae ] KtmRm C:\Windows\system32\msdtckrm.dll
21:30:21.0150 4088 KtmRm - ok
21:30:21.0177 4088 [ 50c7a3cb427e9bb5ed0708a669956ab5 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:30:21.0180 4088 LanmanServer - ok
21:30:21.0210 4088 [ caf86fc1388be1e470f1a7b43e348adb ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:30:21.0213 4088 LanmanWorkstation - ok
21:30:21.0252 4088 [ dfeff67508d3a9aeb1a85d7b0f513b24 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:30:21.0253 4088 LightScribeService - ok
21:30:21.0261 4088 [ 96ece2659b6654c10a0c310ae3a6d02c ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:30:21.0262 4088 lltdio - ok
21:30:21.0287 4088 [ 961ccbd0b1ccb5675d64976fae37d092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:30:21.0290 4088 lltdsvc - ok
21:30:21.0301 4088 [ a47f8080cacc23c91fe823ad19aa5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:30:21.0302 4088 lmhosts - ok
21:30:21.0330 4088 [ acbe1af32d3123e330a07bfbc5ec4a9b ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:30:21.0331 4088 LSI_FC - ok
21:30:21.0343 4088 [ 799ffb2fc4729fa46d2157c0065b3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:30:21.0345 4088 LSI_SAS - ok
21:30:21.0363 4088 [ f445ff1daad8a226366bfaf42551226b ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:30:21.0364 4088 LSI_SCSI - ok
21:30:21.0384 4088 [ 52f87b9cc8932c2a7375c3b2a9be5e3e ] luafv C:\Windows\system32\drivers\luafv.sys
21:30:21.0385 4088 luafv - ok
21:30:21.0389 4088 LVcKap64 - ok
21:30:21.0435 4088 [ b2085e335f2b57077b0cbadb6f1245cd ] lvpopf64 C:\Windows\system32\DRIVERS\lvpopf64.sys
21:30:21.0437 4088 lvpopf64 - ok
21:30:21.0462 4088 [ ded333dbdbbcc3555a6e6244522e2f1a ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:30:21.0462 4088 LVPr2M64 - ok
21:30:21.0466 4088 [ ded333dbdbbcc3555a6e6244522e2f1a ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:30:21.0467 4088 LVPr2Mon - ok
21:30:21.0549 4088 [ a35679e56e78091e1042a2d7adbf2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:30:21.0550 4088 LVPrcS64 - ok
21:30:21.0565 4088 [ 986c1cb787a007baa5f74e7d316d7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
21:30:21.0567 4088 LVRS64 - ok
21:30:21.0584 4088 [ f1cc5f4341df18da482531e55e0bb074 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
21:30:21.0585 4088 LVUSBS64 - ok
21:30:21.0701 4088 [ 5747bc465abea2858c5d037252aed84e ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
21:30:21.0741 4088 LVUVC64 - ok
21:30:21.0761 4088 [ 76a58df02bd4ea29f189b82d0bef17f8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:30:21.0762 4088 Mcx2Svc - ok
21:30:21.0788 4088 [ e4f44ec214b3e381e1fc844a02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:30:21.0788 4088 mdmxsdk - ok
21:30:21.0807 4088 [ 5c5cd6aaced32fb26c3fb34b3dcf972f ] megasas C:\Windows\system32\drivers\megasas.sys
21:30:21.0808 4088 megasas - ok
21:30:21.0833 4088 [ 859bc2436b076c77c159ed694acfe8f8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:30:21.0836 4088 MegaSR - ok
21:30:21.0885 4088 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:30:21.0886 4088 Microsoft Office Groove Audit Service - ok
21:30:21.0903 4088 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] MMCSS C:\Windows\system32\mmcss.dll
21:30:21.0904 4088 MMCSS - ok
21:30:21.0929 4088 [ 59848d5cc74606f0ee7557983bb73c2e ] Modem C:\Windows\system32\drivers\modem.sys
21:30:21.0930 4088 Modem - ok
21:30:21.0947 4088 [ c247cc2a57e0a0c8c6dccf7807b3e9e5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:30:21.0948 4088 monitor - ok
21:30:21.0963 4088 [ 9367304e5e412b120cf5f4ea14e4e4f1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:30:21.0964 4088 mouclass - ok
21:30:21.0978 4088 [ c2c2bd5c5ce5aaf786ddd74b75d2ac69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:30:21.0978 4088 mouhid - ok
21:30:21.0986 4088 [ 11bc9b1e8801b01f7f6adb9ead30019b ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:30:21.0987 4088 MountMgr - ok
21:30:22.0014 4088 [ f8276eb8698142884498a528dfea8478 ] mpio C:\Windows\system32\drivers\mpio.sys
21:30:22.0015 4088 mpio - ok
21:30:22.0034 4088 [ c92b9abdb65a5991e00c28f13491dba2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:30:22.0035 4088 mpsdrv - ok
21:30:22.0052 4088 [ 897e3baf68ba406a61682ae39c83900c ] MpsSvc C:\Windows\system32\mpssvc.dll
21:30:22.0057 4088 MpsSvc - ok
21:30:22.0071 4088 [ 3c200630a89ef2c0864d515b7a75802e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:30:22.0072 4088 Mraid35x - ok
21:30:22.0095 4088 [ 7c1de4aa96dc0c071611f9e7de02a68d ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:30:22.0096 4088 MRxDAV - ok
21:30:22.0115 4088 [ 1485811b320ff8c7edad1caebb1c6c2b ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:22.0116 4088 mrxsmb - ok
21:30:22.0140 4088 [ 3b929a60c833fc615fd97fba82bc7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:22.0142 4088 mrxsmb10 - ok
21:30:22.0148 4088 [ c64ab3e1f53b4f5b5bb6d796b2d7bec3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:22.0150 4088 mrxsmb20 - ok
21:30:22.0178 4088 [ 1ac860612b85d8e85ee257d372e39f4d ] msahci C:\Windows\system32\drivers\msahci.sys
21:30:22.0179 4088 msahci - ok
21:30:22.0197 4088 [ 264bbb4aaf312a485f0e44b65a6b7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:30:22.0198 4088 msdsm - ok
21:30:22.0220 4088 [ 7ec02ce772f068ed0beafa3da341a9bc ] MSDTC C:\Windows\System32\msdtc.exe
21:30:22.0222 4088 MSDTC - ok
21:30:22.0240 4088 [ 704f59bfc4512d2bb0146aec31b10a7c ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:30:22.0241 4088 Msfs - ok
21:30:22.0254 4088 [ 00ebc952961664780d43dca157e79b27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:30:22.0254 4088 msisadrv - ok
21:30:22.0279 4088 [ 366b0c1f4478b519c181e37d43dcda32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:30:22.0281 4088 MSiSCSI - ok
21:30:22.0286 4088 msiserver - ok
21:30:22.0301 4088 [ 0ea73e498f53b96d83dbfca074ad4cf8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:30:22.0301 4088 MSKSSRV - ok
21:30:22.0317 4088 [ 52e59b7e992a58e740aa63f57edbae8b ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:22.0318 4088 MSPCLOCK - ok
21:30:22.0335 4088 [ 49084a75bae043ae02d5b44d02991bb2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:30:22.0335 4088 MSPQM - ok
21:30:22.0360 4088 [ dc6ccf440cdede4293db41c37a5060a5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:30:22.0362 4088 MsRPC - ok
21:30:22.0377 4088 [ 855796e59df77ea93af46f20155bf55b ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:30:22.0378 4088 mssmbios - ok
21:30:22.0394 4088 [ 86d632d75d05d5b7c7c043fa3564ae86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:30:22.0395 4088 MSTEE - ok
21:30:22.0404 4088 [ 0cc49f78d8aca0877d885f149084e543 ] Mup C:\Windows\system32\Drivers\mup.sys
21:30:22.0405 4088 Mup - ok
21:30:22.0462 4088 [ c6948f034d7edabcfa2234d399fc78bc ] N360 C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
21:30:22.0463 4088 N360 - ok
21:30:22.0482 4088 [ a5b10c845e7538c60c0f5d87a57cb3f5 ] napagent C:\Windows\system32\qagentRT.dll
21:30:22.0486 4088 napagent - ok
21:30:22.0514 4088 [ 2007b826c4acd94ae32232b41f0842b9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:30:22.0516 4088 NativeWifiP - ok
21:30:22.0579 4088 [ 8043d41f881d6ace40b854ad6e32217f ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120814.002\ENG64.SYS
21:30:22.0580 4088 NAVENG - ok
21:30:22.0623 4088 [ 9a9ab2fc45d701daed465d14980f1305 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120814.002\EX64.SYS
21:30:22.0637 4088 NAVEX15 - ok
21:30:22.0675 4088 [ 65950e07329fcee8e6516b17c8d0abb6 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:30:22.0681 4088 NDIS - ok
21:30:22.0695 4088 [ 64df698a425478e321981431ac171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:22.0696 4088 NdisTapi - ok
21:30:22.0709 4088 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:22.0710 4088 Ndisuio - ok
21:30:22.0733 4088 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:22.0735 4088 NdisWan - ok
21:30:22.0744 4088 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:30:22.0745 4088 NDProxy - ok
21:30:22.0768 4088 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:30:22.0769 4088 Net Driver HPZ12 - ok
21:30:22.0779 4088 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:30:22.0779 4088 NetBIOS - ok
21:30:22.0792 4088 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:30:22.0794 4088 netbt - ok
21:30:22.0804 4088 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
21:30:22.0805 4088 Netlogon - ok
21:30:22.0825 4088 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
21:30:22.0829 4088 Netman - ok
21:30:22.0858 4088 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:22.0859 4088 NetMsmqActivator - ok
21:30:22.0864 4088 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:30:22.0866 4088 NetPipeActivator - ok
21:30:22.0891 4088 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
21:30:27.0977 4088 ================ Scan global ===============================
21:30:27.0994 4088 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
21:30:28.0021 4088 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
21:30:28.0037 4088 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
21:30:28.0065 4088 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
21:30:28.0068 4088 [Global] - ok
21:30:28.0069 4088 ================ Scan MBR ==================================
21:30:28.0075 4088 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:30:28.0260 4088 \Device\Harddisk0\DR0 - ok
21:30:28.0265 4088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
21:30:28.0271 4088 \Device\Harddisk5\DR5 - ok
21:30:28.0272 4088 ================ Scan VBR ==================================
21:30:28.0275 4088 Boot (0x1200) (98d111df26fbb4dc4a497776e6fe4243) \Device\Harddisk0\DR0\Partition1
21:30:28.0276 4088 \Device\Harddisk0\DR0\Partition1 - ok
21:30:28.0281 4088 Boot (0x1200) (7d04666a4010b04f5664bd6b07b5a662) \Device\Harddisk0\DR0\Partition2
21:30:28.0282 4088 \Device\Harddisk0\DR0\Partition2 - ok
21:30:28.0287 4088 Boot (0x1200) (4fc8afef160ccf65633ecf2ee9e63f12) \Device\Harddisk5\DR5\Partition1
21:30:28.0291 4088 \Device\Harddisk5\DR5\Partition1 - ok
21:30:28.0292 4088 ============================================================
21:30:28.0292 4088 Scan finished
21:30:28.0292 4088 ============================================================
21:30:28.0301 3032 Detected object count: 0
21:30:28.0301 3032 Actual detected object count: 0
21:38:42.0174 1488 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 21:40:43
-----------------------------
21:40:43.597 OS Version: Windows x64 6.0.6002 Service Pack 2
21:40:43.598 Number of processors: 4 586 0x203
21:40:43.598 ComputerName: BYERS-HOME-PC UserName: Byers
21:40:46.005 Initialize success
21:41:53.442 AVAST engine defs: 12081401
21:42:08.332 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:42:08.334 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
21:42:08.343 Disk 0 MBR read successfully
21:42:08.345 Disk 0 MBR scan
21:42:08.349 Disk 0 Windows VISTA default MBR code
21:42:08.352 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15868 MB offset 63
21:42:08.364 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 594608 MB offset 32499495
21:42:08.384 Disk 0 scanning C:\Windows\system32\drivers
21:42:17.258 Service scanning
21:42:37.017 Modules scanning
21:42:37.024 Disk 0 trace - called modules:
21:42:37.040 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:42:37.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800768f3e0]
21:42:37.048 3 CLASSPNP.SYS[fffffa6000fcbc33] -> nt!IofCallDriver -> [0xfffffa800617c9b0]
21:42:37.053 5 acpi.sys[fffffa60008f6fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006177940]
21:42:38.704 AVAST engine scan C:\Windows
21:42:42.945 AVAST engine scan C:\Windows\system32
21:45:42.522 AVAST engine scan C:\Windows\system32\drivers
21:45:53.729 AVAST engine scan C:\Users\Byers
21:48:19.602 Disk 0 MBR has been saved successfully to "C:\Users\Byers\Downloads\MBR.dat"
21:48:19.617 The log file has been saved successfully to "C:\Users\Byers\Downloads\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:37 AM

Posted 14 August 2012 - 09:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\Microsoft\Windows\DRM
c:\program files (x86)\Ask.com
c:\program files (x86)\StartNow Toolbar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 JBR64

JBR64
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 15 August 2012 - 10:02 AM

Gringo,

I do not know how to run CFScript. The CFScript in your last post appears to be just text, and when I click on it, it does not take me anywhere. I Googled CFScript and learned it is similar to Java, but can only be run by accessing Adobe's Cold Fusion Server. Since this is in an area that I don't know what I am doing, I need some additional guidance so I don't mess something up. Can you provide additional info on how I can get to CFScript to run it?

Thanks

JBR64

#10 gringo_pr


Posted 15 August 2012 - 10:18 AM

You need to make the script.

You start where it says open Notepad and continue with the instructions from there.



gringo

#11 JBR64


Posted 15 August 2012 - 01:53 PM

Gringo,

I created the CFScript txt, merged it into ComboFix and ran. The log is attached below. I also checked Google after this scan and there was no Redirect from the previous malware. It appears the redirect problem is fixed. Let me know if you recommend any additional steps to be taken.
Thanks and best regards,
JBR64

ComboFix 12-08-15.01 - Byers 08/15/2012 14:13:14.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.3181 [GMT -4:00]
Running from: c:\users\Byers\Downloads\ComboFix.exe
Command switches used :: c:\users\Byers\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_8684.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\2852.tmp.dat
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 18:23 . 2012-08-15 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 03:28 . 2012-08-15 18:25 -------- d-----w- c:\windows\system32\drivers\N360x64\0603000.00E
2012-08-12 18:00 . 2012-08-12 20:30 -------- d-----w- c:\users\Byers\Docs Not Backedup
2012-08-09 02:31 . 2012-08-09 02:30 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-09 02:28 . 2012-08-09 02:28 -------- d-----w- c:\programdata\McAfee
2012-07-19 00:27 . 2012-08-06 03:42 -------- d-----w- c:\users\Byers\AppData\Roaming\FamilyTreeMaker
2012-07-18 23:52 . 2012-07-18 23:52 -------- d-----w- c:\users\Byers\AppData\Local\IsolatedStorage
2012-07-18 23:50 . 2012-07-18 23:50 -------- d-----w- c:\users\Byers\AppData\Local\Ancestry.com
2012-07-18 23:48 . 2012-07-18 23:51 -------- d-----w- c:\program files (x86)\Family Tree Maker 2012
2012-07-18 23:48 . 2012-07-18 23:48 -------- d-----w- c:\program files (x86)\BCL Technologies
2012-07-18 23:42 . 2012-07-18 23:49 -------- d--h--w- c:\programdata\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 02:30 . 2011-04-15 15:36 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 07:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-13 13:58 . 2012-07-12 07:01 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 08:23 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 08:23 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 08:23 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 08:23 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 08:23 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 08:23 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 02:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 02:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 02:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 02:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 02:21 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 02:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 02:21 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 02:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 02:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 02:21 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-19 02:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-19 02:21 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 02:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-19 02:21 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-12 07:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 07:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 07:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 07:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 07:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 07:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 07:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 07:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 07:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 07:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 08:23 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 08:23 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 08:23 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 08:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 08:23 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2008-12-27 18:56 . 2008-12-27 18:56 163712 ----a-w- c:\program files\pfbackup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-14_21.06.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-08-15 18:29 65124 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-05 07:11 . 2012-08-15 18:30 19488 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1911233463-590595397-3226711343-1000_UserData.bin
+ 2012-08-15 03:28 . 2012-07-06 02:17 37536 c:\windows\system32\drivers\N360x64\0603000.00E\srtspx64.sys
+ 2012-08-15 03:28 . 2012-05-15 01:21 8942 c:\windows\system32\drivers\N360x64\0603000.00E\symvtcer.dat
+ 2012-08-15 18:26 . 2012-08-15 18:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-14 21:06 . 2012-08-14 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-15 18:26 . 2012-08-15 18:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 21:06 . 2012-08-14 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 21:06 . 2009-10-07 05:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-08-15 18:27 . 2009-10-07 05:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-08-15 18:27 . 2009-10-07 05:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-08-14 21:06 . 2009-10-07 05:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2006-11-02 15:45 . 2012-08-15 18:30 104452 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:21 . 2012-08-14 21:07 617160 c:\windows\system32\FNTCACHE.DAT
+ 2012-08-15 03:28 . 2012-03-29 06:28 445560 c:\windows\system32\drivers\N360x64\0603000.00E\symtdiv.sys
+ 2012-08-15 03:28 . 2012-03-29 06:28 405624 c:\windows\system32\drivers\N360x64\0603000.00E\symnets.sys
+ 2012-08-15 03:28 . 2012-03-29 06:28 451192 c:\windows\system32\drivers\N360x64\0603000.00E\symds64.sys
+ 2012-08-15 03:28 . 2012-07-06 02:17 737952 c:\windows\system32\drivers\N360x64\0603000.00E\srtsp64.sys
+ 2012-08-15 03:28 . 2012-03-29 06:06 190072 c:\windows\system32\drivers\N360x64\0603000.00E\ironx64.sys
+ 2012-08-15 03:28 . 2012-06-07 04:43 167072 c:\windows\system32\drivers\N360x64\0603000.00E\ccsetx64.sys
+ 2011-02-21 21:48 . 2012-08-15 18:23 496004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-21 21:48 . 2012-08-14 21:04 496004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-15 03:28 . 2012-05-22 01:37 1129120 c:\windows\system32\drivers\N360x64\0603000.00E\symefa64.sys
+ 2011-06-19 07:26 . 2012-08-15 18:24 7638004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1911233463-590595397-3226711343-1000-8192.dat
- 2011-06-19 07:26 . 2012-08-14 21:04 7638004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1911233463-590595397-3226711343-1000-8192.dat
- 2011-07-12 21:05 . 2012-08-14 21:04 4842772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1911233463-590595397-3226711343-1000-12288.dat
+ 2011-07-12 21:05 . 2012-08-15 18:24 4842772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1911233463-590595397-3226711343-1000-12288.dat
+ 2011-06-19 07:26 . 2012-08-15 18:24 42276668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1911233463-590595397-3226711343-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE" [2011-04-24 239488]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-01 539800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Smart Copy"="c:\program files (x86)\IOI\Smart Copy\ButtonMonitor.exe" [2008-05-11 49152]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-05 296056]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Byers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-1-25 2010408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2008-7-12 221247]
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-5-20 237568]
Event Reminder.lnk - c:\program files (x86)\PrintMaster Platinum 18\Remind.exe [2007-9-9 344064]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2011-4-4 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-08-02 14:23]
.
2012-08-15 c:\windows\Tasks\ActiveMail Updater.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-08-02 14:23]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 03:48]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-23 03:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-16 5453824]
"Skytel"="Skytel.exe" [2008-03-16 1826816]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: epa.gov
TCP: DhcpNameServer = 192.168.1.254
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///E:/Scripts/LTOCX14N.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
c:\program files (x86)\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-08-15 14:36:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 18:36
ComboFix2.txt 2012-08-14 21:14
.
Pre-Run: 376,608,874,496 bytes free
Post-Run: 376,588,578,816 bytes free
.
- - End Of File - - 00641733CFA690B743517EE4A0B61F88

#12 gringo_pr


Posted 15 August 2012 - 02:50 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Ask Toolbar
Babylon toolbar on IE
BabylonObjectInstaller
Java™ 6 Update 33
Java™ 6 Update 5
StartNow Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 JBR64


Posted 15 August 2012 - 04:35 PM

Hi Gringo,
My Computer seems to be operating without any problems with the Google Redirect malware that is hopefully now removed.

I downloaded Revo and removed the 6 programs you identified with no problems.
I installed Java with no problems.
I downloaded CCleaner and ran it without any issues (that I am aware of).
I downloaded Malwarebytes Anti-Malware, ran the scan, and removed the identified files, none were difficult to remove. The log is pasted below.
I downloaded Hijackthis, ran the scan, and the log is pasted below.
I didn't have any problems or anything unexpected in completing these tasks.
Let me know what additional steps you recommend.
I really appreciate your help and how thorough you are to clear out all remnants of this problem.
Thanks and best regards.
JBR64

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Byers :: BYERS-HOME-PC [administrator]

8/15/2012 4:54:23 PM
mbam-log-2012-08-15 (16-54-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204081
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CrossriderApp0004479.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\4479 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:22 PM, on 8/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\ProgramData\ActivePath\ActiveMail\ActiveMailComServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Users\Byers\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: ActiveMail - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files (x86)\TimeLeft3\TLIntergIE.html
O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files (x86)\TimeLeft3\TLIntergIE.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.epa.gov
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file:///E:/Scripts/LTOCX14N.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15020 bytes

#14 gringo_pr

Posted 15 August 2012 - 06:41 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
      O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Startup: TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
      O4 - Global Startup: APC UPS Status.lnk = ?
      O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
      O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\PrintMaster Platinum 18\Remind.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close program
    • Copy and paste the report here


Gringo
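
The O4 autostart lines that the post above asks to tick, parsed and grouped by where they are registered. This is an added example, not part of the original posts and not HijackThis code; the function names, the one constructed log line, and the review rule (flag a target shown as `?` or one outside Program Files and C:\Windows) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
THREAD_LINES = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
'''
# Constructed line (not from the thread) so the location rule has something to flag.
CONSTRUCTED_LINE = r'O4 - HKCU\..\Run: [example-updater] C:\Users\Example\AppData\Roaming\example\updater.exe'
SAMPLE_LOG = THREAD_LINES + CONSTRUCTED_LINE + '\n'

RUN_RE = re.compile(r'^O4 - (HK[^:]+): \[(.*?)\] (.*)$')         # registry Run keys
LNK_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.*)$')  # Startup-folder shortcuts
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)
# Assumed review rule for this example: anything outside these roots gets a second look.
USUAL_ROOTS = ('c:\\program files\\', 'c:\\program files (x86)\\', 'c:\\windows\\')


def split_command(cmd):
    """Return (executable, arguments) for an autostart value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    # Unquoted paths can contain spaces, so cut at the first file extension.
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    return cmd, ''


def parse_o4(log_text):
    """Extract every O4 entry; all other HijackThis sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if not m:
            continue
        target, args = split_command(m.group(3))
        entries.append({'source': m.group(1), 'name': m.group(2),
                        'target': target, 'args': args})
    return entries


def triage(log_text):
    """Group entry names by autostart location and list the ones to look at first."""
    by_source, flagged = defaultdict(list), []
    for e in parse_o4(log_text):
        by_source[e['source']].append(e['name'])
        if e['target'] == '?':
            flagged.append((e['name'], 'target shown as ? in the log'))
        elif not e['target'].lower().startswith(USUAL_ROOTS):
            flagged.append((e['name'], 'runs from outside Program Files and Windows'))
    return dict(by_source), flagged


if __name__ == '__main__':
    groups, flagged = triage(SAMPLE_LOG)
    for source, names in groups.items():
        print(source, '->', ', '.join(names))
    for name, reason in flagged:
        print('REVIEW', name, '-', reason)
```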

#15 JBR64

Posted 16 August 2012 - 04:30 PM

Gringo,
Computer seems to be running fine. No Google Redirect or other problems noted.
With regard to your last post, I ran HijackThis and I clicked on the items listed and clicked on the "Fix Check" button, then closed the application. I had no problems with this item.

I have had a lot of problems trying to get the Eset Online scanner to run. After re-reading your instructions and the FAQ on the Eset site here's what I am doing:
I first disable the Norton Firewall, Antivirus, and Spam software (for 5 hours).
I close all operating programs. I go to the start menu and right click on Internet Explorer and select run as administrator (I have Vista). I then open Internet Explorer, go to and open the Eset web site. I then click on "Run Eset Online Scanner". I then get a window with the "Terms of Use" which I accept, and then click to start the scan. I then get a blank window with a Red X in the upper right corner. No info when I put my cursor on the Red X. I disabled the popup blocker, but still cannot get the Online scan. The Address Bar at the top of this blank window with the Red X shows http://eset.com/us/online-scanner-popup/.
As of now I am out of ideas on how to run the Eset Online Scan.
Do you have any recommendations on things I can try?

best regards

JBR64



