Have popups, live assistant, "Dell System Detect" and who knows what else ...


  • This topic is locked
12 replies to this topic

#1 smurfhandy

smurfhandy

  • Members
  • 101 posts

Posted 06 February 2014 - 03:02 PM

well I put it all in the topic ... I'm working on my parents' computer (which they allow an 8 year old to use) and they are infected with crap ... IE is constantly popping up about security certificate errors ...

 

I would note that the computer is slow ... but it doesn't have enough memory so malware is only part of that problem.

 

Shrug... don't know what else to say ...

 

(I will probably proactively delouse my own computer later as well as optimising this one and look into getting more memory ....  but all that is another post for another day)

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by SHIELA at 13:46:44 on 2014-02-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1328 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\Updater\updater.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Users\SHIELA\AppData\Local\Apps\2.0\NW7QY49P.6X9\24ARHEPQ.YDZ\dell..tion_0f612f649c4a10af_0005.0002_7f12339d141e75ac\DellSystemDetect.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.14news.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
BHO: Websteroids: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\programdata\websteroids\ie\common.dll
BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [uftivl] regsvr32.exe /s "c:\programdata\uftivl.dat"
uRun: [fkldhx] regsvr32.exe /s "c:\programdata\fkldhx.dat"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSystemDetect] c:\users\shiela\appdata\roaming\microsoft\windows\start menu\programs\dell\Dell System Detect.appref-ms
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Updater] c:\programdata\updater\updater.exe
uRun: [TBHostSupport] "c:\windows\system32\rundll32.exe" "c:\users\shiela\appdata\local\tbhostsupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [eRecoveryService] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2009\QBW32.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4E6B947A-033C-4FBA-B9CD-41F44834DF4E} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20140129.003\IDSvix86.sys [2014-1-29 286328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-12 108120]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-11 23888]
.
=============== Created Last 30 ================
.
2014-01-29 09:05:21 -------- d-----w- c:\windows\Migration
2014-01-24 20:01:36 -------- d-----w- c:\users\shiela\appdata\local\NativeMessaging
2014-01-24 20:01:30 -------- d-----w- c:\users\shiela\appdata\local\WhiteListing
2014-01-24 20:01:30 -------- d-----w- c:\users\shiela\appdata\local\TBHostSupport
.
==================== Find3M  ====================
.
2014-02-05 01:26:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 01:26:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:48:04.77 ===============
 



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 06 February 2014 - 11:00 PM

Hello smurfhandy,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
1. Please delete your copy of TDSSKiller and download the latest version from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
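
For reading the TDSSKiller report that step 1 of the reply above asks for, here is an added example (not part of the thread and not the tool's own code): a Python parser that pairs each hash record in the "Scan services" section with its verdict line and lists every service that is not a clean "ok". The sample log is constructed, and the `warning` verdict string and all function names are assumptions; only the `[ MD5, SHA256 ] name path` and `name - ok` line shapes follow TDSSKiller reports like the one posted in this thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# Every log line starts with a time stamp and a thread id, e.g. "02:03:06.0611 0x2ca34  ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9A-Fa-f]+\s+"
# Section banner: "====== Scan services ======" (a bare "=====" line yields an empty title).
SECTION_RE = re.compile(PREFIX + r"=+\s*(.*?)\s*=*$")
# Hash record: "[ MD5, SHA256 ] ServiceName   C:\path\to\file"; names may contain spaces.
HASH_RE = re.compile(
    PREFIX + r"\[\s*([0-9A-Fa-f]{32}),\s*([0-9A-Fa-f]{64})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$"
)
# Verdict line: "ServiceName - ok".
VERDICT_RE = re.compile(PREFIX + r"(.+) - (.+)$")

Record = Dict[str, Optional[str]]


def parse_services(log_text: str) -> List[Record]:
    """Return one record per service found in the 'Scan services' section."""
    records: List[Record] = []
    pending: Dict[str, Record] = {}  # hash records still waiting for a verdict
    in_services = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            # Only the services section is parsed; any other banner ends it.
            in_services = m.group(1).lower() == "scan services"
            continue
        if not in_services:
            continue
        m = HASH_RE.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            pending[name] = {"name": name, "md5": md5.upper(),
                             "sha256": sha256.upper(), "path": path, "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.group(1).strip(), m.group(2).strip()
            # A verdict with no preceding hash record means the file was not hashed.
            rec = pending.pop(name, None) or {"name": name, "md5": None,
                                              "sha256": None, "path": None}
            rec["verdict"] = verdict
            records.append(rec)
    # Hash records that never received a verdict (truncated or interrupted log).
    records.extend(pending.values())
    return records


def needs_review(records: List[Record]) -> List[Tuple[str, str]]:
    """List (service, reason) for everything that is not hashed and marked 'ok'."""
    findings = []
    for r in records:
        if r["verdict"] is None:
            findings.append((r["name"], "no verdict"))
        elif r["verdict"].lower() != "ok":
            findings.append((r["name"], "verdict: " + r["verdict"]))
        elif r["md5"] is None:
            findings.append((r["name"], "no hash record"))
    return findings


# Constructed sample: placeholder hashes, made-up service names and paths.
H = {k: (k * 32, k * 64) for k in "ABCD"}
SAMPLE_LOG = "\n".join([
    "02:03:06.0311 0x1a2b  ================ Scan system memory ========================",
    "02:03:06.0311 0x1a2b  System memory - ok",
    "02:03:06.0321 0x1a2b  ================ Scan services =============================",
    f"02:03:07.0011 0x1a2b  [ {H['A'][0]}, {H['A'][1]} ] ExampleDrv      C:\\Windows\\system32\\drivers\\exampledrv.sys",
    "02:03:07.0151 0x1a2b  ExampleDrv - ok",
    f"02:03:07.0291 0x1a2b  [ {H['B'][0]}, {H['B'][1]} ] Example Update Service c:\\Program Files\\Example\\upd.exe",
    "02:03:07.0391 0x1a2b  Example Update Service - ok",
    "02:03:07.0401 0x1a2b  ExampleNoFile - ok",
    f"02:03:07.0481 0x1a2b  [ {H['C'][0]}, {H['C'][1]} ] ExampleOdd      C:\\Windows\\system32\\drivers\\odd.sys",
    "02:03:07.0571 0x1a2b  ExampleOdd - warning",  # assumed wording for a non-ok verdict
    f"02:03:07.0651 0x1a2b  [ {H['D'][0]}, {H['D'][1]} ] ExampleCut      C:\\Windows\\system32\\drivers\\cut.sys",
    "02:03:07.0700 0x1a2b  ================ Next section ==============================",
    "02:03:07.0701 0x1a2b  Drive \\Device\\Harddisk0\\DR0 - Size: 0x0",
])

if __name__ == "__main__":
    for name, reason in needs_review(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```
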


#3 smurfhandy

smurfhandy
  • Topic Starter

  • Members
  • 101 posts

Posted 07 February 2014 - 03:26 AM

02:02:10.0377 0x2a768  TDSS rootkit removing tool 3.0.0.22 Feb  3 2014 16:45:35
02:02:18.0702 0x2a768  ============================================================
02:02:18.0702 0x2a768  Current date / time: 2014/02/07 02:02:18.0702
02:02:18.0702 0x2a768  SystemInfo:
02:02:18.0702 0x2a768 
02:02:18.0702 0x2a768  OS Version: 6.0.6002 ServicePack: 2.0
02:02:18.0702 0x2a768  Product type: Workstation
02:02:18.0702 0x2a768  ComputerName: OFFICEPC
02:02:18.0702 0x2a768  UserName: SHIELA
02:02:18.0702 0x2a768  Windows directory: C:\Windows
02:02:18.0702 0x2a768  System windows directory: C:\Windows
02:02:18.0702 0x2a768  Processor architecture: Intel x86
02:02:18.0702 0x2a768  Number of processors: 2
02:02:18.0702 0x2a768  Page size: 0x1000
02:02:18.0702 0x2a768  Boot type: Normal boot
02:02:18.0702 0x2a768  ============================================================
02:02:19.0432 0x2a768  KLMD registered as C:\Windows\system32\drivers\97863069.sys
02:02:19.0772 0x2a768  System UUID: {4E4279A7-1E89-644E-AEB7-ACF9111AF799}
02:02:20.0802 0x2a768  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:02:20.0822 0x2a768  ============================================================
02:02:20.0822 0x2a768  \Device\Harddisk0\DR0:
02:02:20.0832 0x2a768  MBR partitions:
02:02:20.0832 0x2a768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402DAB0
02:02:20.0832 0x2a768  ============================================================
02:02:20.0902 0x2a768  C: <-> \Device\Harddisk0\DR0\Partition1
02:02:20.0902 0x2a768  ============================================================
02:02:20.0902 0x2a768  Initialize success
02:02:20.0902 0x2a768  ============================================================
02:03:02.0921 0x2ca34  ============================================================
02:03:02.0921 0x2ca34  Scan started
02:03:02.0921 0x2ca34  Mode: Manual; SigCheck; TDLFS;
02:03:02.0921 0x2ca34  ============================================================
02:03:02.0921 0x2ca34  KSN ping started
02:03:05.0641 0x2ca34  KSN ping finished: true
02:03:06.0311 0x2ca34  ================ Scan system memory ========================
02:03:06.0311 0x2ca34  System memory - ok
02:03:06.0321 0x2ca34  ================ Scan services =============================
02:03:18.0481 0x2ca34  Dnscache - ok
02:03:18.0511 0x2ca34  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
02:03:18.0591 0x2ca34  dot3svc - ok
02:03:18.0631 0x2ca34  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
02:03:18.0751 0x2ca34  DPS - ok
02:03:18.0791 0x2ca34  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
02:03:18.0911 0x2ca34  drmkaud - ok
02:03:18.0991 0x2ca34  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
02:03:19.0091 0x2ca34  DXGKrnl - ok
02:03:19.0221 0x2ca34  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
02:03:19.0321 0x2ca34  E1G60 - ok
02:03:19.0341 0x2ca34  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
02:03:19.0411 0x2ca34  EapHost - ok
02:03:19.0481 0x2ca34  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
02:03:19.0541 0x2ca34  Ecache - ok
02:03:19.0581 0x2ca34  [ 08EE8892FD19A6A951F40254E97F6EF3, 76F19B49DDC7B1CD7839BF0DF6A417F2DD756C924931F39291BC1D25A3C6077D ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
02:03:19.0661 0x2ca34  eeCtrl - ok
02:03:19.0801 0x2ca34  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
02:03:20.0071 0x2ca34  ehRecvr - ok
02:03:20.0131 0x2ca34  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
02:03:20.0341 0x2ca34  ehSched - ok
02:03:20.0361 0x2ca34  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
02:03:20.0471 0x2ca34  ehstart - ok
02:03:20.0531 0x2ca34  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
02:03:20.0631 0x2ca34  elxstor - ok
02:03:20.0731 0x2ca34  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
02:03:20.0931 0x2ca34  EMDMgmt - ok
02:03:20.0991 0x2ca34  [ 050D136C61DBCF36C257206ADBBEC009, 0FD13A4B43534ABF84B637F0749AED30CAF8EB2A50C0ABE70B76608AEE925A30 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:03:21.0031 0x2ca34  EraserUtilRebootDrv - ok
02:03:21.0071 0x2ca34  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
02:03:21.0171 0x2ca34  ErrDev - ok
02:03:21.0241 0x2ca34  [ 4D06D9A26227AC485305133916888DF1, CBBCED63666DD5965A7F0B4577995FBD347B38F5391DC5429CAFC1CF3A4C2B1E ] ETService       C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
02:03:21.0281 0x2ca34  ETService - detected UnsignedFile.Multi.Generic ( 1 )
02:03:21.0441 0x2ca34  Detect skipped due to KSN trusted
02:03:21.0441 0x2ca34  ETService - ok
02:03:42.0131 0x2ca34  nvlddmkm - ok
02:03:42.0231 0x2ca34  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
02:03:42.0301 0x2ca34  nvraid - ok
02:03:42.0341 0x2ca34  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
02:03:42.0381 0x2ca34  nvstor - ok
02:03:42.0451 0x2ca34  [ FA7B8ECA6E845B244B7E30A9DCD82C6C, CA1D5463C13596761B630314530AB12C7C63D6961ECCF2CD0409D58B6BE9C11E ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
02:03:42.0481 0x2ca34  nvstor32 - ok
02:03:42.0551 0x2ca34  [ 387DC341E2AED29EB8F67B6EE53BB43B, 391A6575D1FBF73E045FD3AA08979217D1B9C76C3554470E26B5021BB1EA9013 ] nvsvc           C:\Windows\system32\nvvsvc.exe
02:03:42.0681 0x2ca34  nvsvc - ok
02:03:42.0741 0x2ca34  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
02:03:42.0831 0x2ca34  nv_agp - ok
02:03:42.0841 0x2ca34  NwlnkFlt - ok
02:03:42.0851 0x2ca34  NwlnkFwd - ok
02:03:42.0911 0x2ca34  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:03:43.0091 0x2ca34  odserv - ok
02:03:43.0121 0x2ca34  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
02:03:43.0221 0x2ca34  ohci1394 - ok
02:03:43.0271 0x2ca34  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:03:43.0481 0x2ca34  ose - ok
02:03:43.0551 0x2ca34  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
02:03:43.0731 0x2ca34  p2pimsvc - ok
02:03:43.0761 0x2ca34  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
02:03:43.0881 0x2ca34  p2psvc - ok
02:03:43.0951 0x2ca34  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
02:03:44.0021 0x2ca34  Parport - ok
02:03:44.0051 0x2ca34  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
02:03:44.0091 0x2ca34  partmgr - ok
02:03:44.0131 0x2ca34  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
02:03:44.0301 0x2ca34  Parvdm - ok
02:03:44.0331 0x2ca34  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
02:03:44.0441 0x2ca34  PcaSvc - ok
02:03:44.0481 0x2ca34  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
02:03:44.0541 0x2ca34  pci - ok
02:03:44.0591 0x2ca34  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
02:03:44.0621 0x2ca34  pciide - ok
02:03:44.0691 0x2ca34  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
02:03:44.0731 0x2ca34  pcmcia - ok
02:03:44.0801 0x2ca34  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
02:03:44.0981 0x2ca34  PEAUTH - ok
02:03:45.0091 0x2ca34  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
02:03:45.0481 0x2ca34  pla - ok
02:03:45.0531 0x2ca34  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
02:03:45.0651 0x2ca34  PlugPlay - ok
02:03:45.0691 0x2ca34  [ 2B85237F904C5BDF7AD386F0EDE19BD3, 19492AEF03206F3875D875274AE9780075EA85968D586A296B4ED01E0455062B ] PMEM            C:\Windows\system32\drivers\pmemnt.sys
02:03:45.0721 0x2ca34  PMEM - detected UnsignedFile.Multi.Generic ( 1 )
02:03:45.0881 0x2ca34  Detect skipped due to KSN trusted
02:03:45.0881 0x2ca34  PMEM - ok
02:03:47.0051 0x2ca34  [ 25999297E5224CD3047A52D5AEA40A44, 33756ED9C921D96D0D3E2440D52A3C35E2ECCC597EB5EDBB1B999EE3DF7C1990 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
02:03:47.0091 0x2ca34  QBCFMonitorService - detected UnsignedFile.Multi.Generic ( 1 )
02:03:47.0791 0x2ca34  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
02:03:47.0791 0x2ca34  Force sending object to P2P due to detect: C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
02:03:48.0331 0x2ca34  Object send P2P result: true
02:03:48.0821 0x2ca34  [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
02:03:48.0861 0x2ca34  QBFCService - detected UnsignedFile.Multi.Generic ( 1 )
02:03:49.0271 0x2ca34  Detect skipped due to KSN trusted
02:03:49.0271 0x2ca34  QBFCService - ok
02:03:49.0421 0x2ca34  [ 1F3EB5363F467AAD7CA467AE26D0E8C4, 9D0B39C0EB09918590190650A711A639F7186B60B2770C0CEE3DFE0DE60CABE9 ] QBVSS           C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
02:03:49.0661 0x2ca34  QBVSS - detected UnsignedFile.Multi.Generic ( 1 )
02:03:50.0001 0x2ca34  Detect skipped due to KSN trusted
02:03:50.0001 0x2ca34  QBVSS - ok
02:04:06.0571 0x2ca34  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
02:04:06.0751 0x2ca34  vds - ok
02:04:06.0811 0x2ca34  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
02:04:06.0941 0x2ca34  vga - ok
02:04:06.0971 0x2ca34  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
02:04:07.0031 0x2ca34  VgaSave - ok
02:04:07.0091 0x2ca34  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
02:04:07.0121 0x2ca34  viaagp - ok
02:04:07.0151 0x2ca34  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
02:04:07.0261 0x2ca34  ViaC7 - ok
02:04:07.0321 0x2ca34  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
02:04:07.0421 0x2ca34  viaide - ok
02:04:07.0481 0x2ca34  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
02:04:07.0541 0x2ca34  volmgr - ok
02:04:07.0601 0x2ca34  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
02:04:07.0651 0x2ca34  volmgrx - ok
02:04:07.0741 0x2ca34  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
02:04:07.0781 0x2ca34  volsnap - ok
02:04:07.0831 0x2ca34  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
02:04:07.0861 0x2ca34  vsmraid - ok
02:04:08.0041 0x2ca34  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
02:04:08.0241 0x2ca34  VSS - ok
02:04:08.0291 0x2ca34  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
02:04:08.0431 0x2ca34  W32Time - ok
02:04:08.0451 0x2ca34  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
02:04:08.0551 0x2ca34  WacomPen - ok
02:04:08.0571 0x2ca34  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
02:04:08.0751 0x2ca34  Wanarp - ok
02:04:08.0781 0x2ca34  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
02:04:08.0831 0x2ca34  Wanarpv6 - ok
02:04:08.0971 0x2ca34  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
02:04:09.0051 0x2ca34  wcncsvc - ok
02:04:09.0121 0x2ca34  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:04:09.0191 0x2ca34  WcsPlugInService - ok
02:04:09.0221 0x2ca34  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
02:04:09.0251 0x2ca34  Wd - ok
02:04:09.0381 0x2ca34  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
02:04:09.0531 0x2ca34  Wdf01000 - ok
02:04:09.0571 0x2ca34  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
02:04:09.0661 0x2ca34  WdiServiceHost - ok
02:04:09.0681 0x2ca34  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
02:04:09.0741 0x2ca34  WdiSystemHost - ok
02:04:09.0821 0x2ca34  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
02:04:09.0871 0x2ca34  WebClient - ok
02:04:09.0891 0x2ca34  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
02:04:09.0961 0x2ca34  Wecsvc - ok
02:04:10.0001 0x2ca34  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
02:04:10.0081 0x2ca34  wercplsupport - ok
02:04:10.0141 0x2ca34  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
02:04:10.0221 0x2ca34  WerSvc - ok
02:04:10.0341 0x2ca34  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
02:04:10.0421 0x2ca34  WinDefend - ok
02:04:10.0441 0x2ca34  WinHttpAutoProxySvc - ok
02:04:10.0561 0x2ca34  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
02:04:10.0611 0x2ca34  Winmgmt - ok
02:04:10.0761 0x2ca34  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
02:04:10.0981 0x2ca34  WinRM - ok
02:04:11.0051 0x2ca34  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
02:04:11.0231 0x2ca34  Wlansvc - ok
02:04:11.0441 0x2ca34  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:04:12.0041 0x2ca34  wlidsvc - ok
02:04:12.0091 0x2ca34  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
02:04:12.0181 0x2ca34  WmiAcpi - ok
02:04:12.0251 0x2ca34  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
02:04:12.0421 0x2ca34  wmiApSrv - ok
02:04:12.0651 0x2ca34  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
02:04:13.0041 0x2ca34  WMPNetworkSvc - ok
02:04:13.0121 0x2ca34  [ 017695393AFFFED8DE58ABD1B085BE6D, 447D65499426A745A85289F3EB7CABBC0CC64D2C6B60D612ED34885CFF94B765 ] WMZuneComm      c:\Program Files\Zune\WMZuneComm.exe
02:04:13.0261 0x2ca34  WMZuneComm - ok
02:04:13.0321 0x2ca34  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
02:04:13.0401 0x2ca34  WPCSvc - ok
02:04:13.0451 0x2ca34  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
02:04:13.0541 0x2ca34  WPDBusEnum - ok
02:04:13.0741 0x2ca34  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:04:13.0941 0x2ca34  WPFFontCache_v0400 - ok
02:04:13.0991 0x2ca34  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
02:04:14.0091 0x2ca34  ws2ifsl - ok
02:04:14.0201 0x2ca34  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
02:04:14.0291 0x2ca34  wscsvc - ok
02:04:14.0311 0x2ca34  WSearch - ok
02:04:14.0411 0x2ca34  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
02:04:14.0571 0x2ca34  wuauserv - ok
02:04:14.0671 0x2ca34  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
02:04:14.0731 0x2ca34  WudfPf - ok
02:04:14.0761 0x2ca34  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
02:04:14.0831 0x2ca34  WUDFRd - ok
02:04:14.0861 0x2ca34  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
02:04:14.0961 0x2ca34  wudfsvc - ok
02:04:15.0061 0x2ca34  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
02:04:15.0411 0x2ca34  YahooAUService - ok
02:04:15.0761 0x2ca34  [ 1076DF9ADE4E13EA3BF39D2165AEB903, 2CC94E658D02A97D8C02D7748F30A87AD16005720EBE29B7D55B80012BBA63A2 ] ZuneNetworkSvc  c:\Program Files\Zune\ZuneNss.exe
02:04:16.0541 0x2ca34  ZuneNetworkSvc - ok
02:04:16.0681 0x2ca34  [ DE1CDB333A402B279F04D627122FA08E, 4ACBC70BBF67F1DE4375543EE3F0D08C9FFCE6736A437E8B237D593F00DD3888 ] ZuneWlanCfgSvc  c:\Program Files\Zune\ZuneWlanCfgSvc.exe
02:04:16.0781 0x2ca34  ZuneWlanCfgSvc - ok
02:04:16.0801 0x2ca34  ================ Scan global ===============================
02:04:16.0841 0x2ca34  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
02:04:16.0981 0x2ca34  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
02:04:17.0061 0x2ca34  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
02:04:17.0111 0x2ca34  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
02:04:17.0181 0x2ca34  [ Global ] - ok
02:04:17.0181 0x2ca34  ================ Scan MBR ==================================
02:04:17.0201 0x2ca34  [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0
02:04:20.0981 0x2ca34  \Device\Harddisk0\DR0 - ok
02:04:20.0981 0x2ca34  ================ Scan VBR ==================================
02:04:21.0071 0x2ca34  [ 3194B7B718CD98097DE9BDB40807F074 ] \Device\Harddisk0\DR0\Partition1
02:04:21.0081 0x2ca34  \Device\Harddisk0\DR0\Partition1 - ok
02:04:21.0181 0x2ca34  AV detected via SS2: Norton 360, c:\Program Files\Norton 360\MainStub.exe ( 2.4.0.0 ), 0x51000 ( enabled : updated )
02:04:21.0191 0x2ca34  FW detected via SS2: Norton 360, c:\Program Files\Norton 360\MainStub.exe ( 2.4.0.0 ), 0x51010 ( enabled )
02:04:21.0601 0x2ca34  ============================================================
02:04:21.0601 0x2ca34  Scan finished
02:04:21.0601 0x2ca34  ============================================================
02:04:21.0621 0x2d428  Detected object count: 1
02:04:21.0621 0x2d428  Actual detected object count: 1
02:05:07.0651 0x2d428  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
02:05:07.0651 0x2d428  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:09:30.0191 0x2ee40  Deinitialize success
 



#4 smurfhandy


Posted 07 February 2014 - 04:22 AM

ComboFix 14-02-05.02 - SHIELA 02/07/2014   2:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1485 [GMT -6:00]
Running from: c:\users\SHIELA\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SHIELA\AppData\Local\TBHostSupport
c:\users\SHIELA\AppData\Local\TBHostSupport\TBHostSupport.dll
c:\users\SHIELA\AppData\Roaming\avbase.dat
c:\users\SHIELA\Desktop\Internet Security.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Update.bat
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-07 to 2014-02-07  )))))))))))))))))))))))))))))))
.
.
2014-02-07 09:07 . 2014-02-07 09:08 -------- d-----w- c:\users\SHIELA\AppData\Local\temp
2014-02-07 09:07 . 2014-02-07 09:07 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-02-07 09:07 . 2014-02-07 09:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-02-07 09:07 . 2014-02-07 09:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-07 08:36 . 2014-02-07 08:36 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2014-01-31 14:19 . 2014-01-31 14:19 -------- d-----w- c:\program files\Common Files\Adobe
2014-01-29 09:05 . 2014-01-29 09:05 -------- d-----w- c:\windows\Migration
2014-01-24 20:01 . 2014-01-24 20:01 -------- d-----w- c:\users\SHIELA\AppData\Local\NativeMessaging
2014-01-24 20:01 . 2014-01-24 20:01 -------- d-----w- c:\users\SHIELA\AppData\Local\WhiteListing
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 01:26 . 2012-09-27 15:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 01:26 . 2011-05-28 12:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 22:50 . 2013-12-12 09:03 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-12 09:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-12 09:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-12 09:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-12 09:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-12 09:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 68856]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-11-08 1095000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Updater"="c:\programdata\Updater\updater.exe" [2013-12-18 486264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-25 988512]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-11-08 2829624]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-8 6282040]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-11-8 1176904]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE -silent [2013-11-8 1182024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^SHIELA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\SHIELA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^SHIELA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\SHIELA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 03:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-07-25 16:20 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 01:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-11-24 05:05 6497592 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-11-21 15:17 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-23 18:25 6183456 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-07-23 18:29 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 12:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-09 09:43 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-06-12 04:18 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00770473
*NewlyCreated* - 63279738
*NewlyCreated* - 99868368
*NewlyCreated* - COMHOST
*Deregistered* - 00770473
*Deregistered* - 63279738
*Deregistered* - 99868368
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 16:08 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 01:27]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:14]
.
2014-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.14news.com/
mStart Page = hxxp://www.google.com
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-uftivl - c:\programdata\uftivl.dat
HKCU-Run-fkldhx - c:\programdata\fkldhx.dat
HKCU-Run-TBHostSupport - c:\users\SHIELA\AppData\Local\TBHostSupport\TBHostSupport.dll
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Update - c:\users\SHIELA\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-wabEventSupport16 - c:\users\SHIELA\AppData\Roaming\wabEventSupport16\wabEventSupport16.dll
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-DSite - c:\users\SHIELA\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-PDF Reader - c:\users\SHIELA\PDFReader\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-07 03:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
? [45212]
? [59664]
? [51384]
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-02-07  03:10:47
ComboFix-quarantined-files.txt  2014-02-07 09:10
.
Pre-Run: 204,575,694,848 bytes free
Post-Run: 208,067,862,528 bytes free
.
- - End Of File - - B769B404B0E293793282C7BA3BE25BED
8C9F9E03865C35F0F3829A23CDA42F5D
 



#5 smurfhandy


Posted 07 February 2014 - 04:47 AM

seems to be ok now ...  only one thing I noticed (in my short 10 minute test period).  I have to press that ctrl key to open a link from a google search, otherwise it won't open at all.



#6 fireman4it


Posted 07 February 2014 - 11:02 AM

1. Download AdwCleaner

  • Double-click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right-click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

2. Download Windows Repair (all in one) from this site

Install the program, then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

[Image: p22001647.gif]

Click on the box next to Restart System when Finished. Then click on Start.




#7 smurfhandy


Posted 07 February 2014 - 01:52 PM

# AdwCleaner v3.018 - Report created 07/02/2014 at 12:47:56
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : SHIELA - OFFICEPC
# Running from : C:\Users\SHIELA\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\System32\Tasks\LyricsContainer Update
File Found : C:\Windows\System32\Tasks\Plus-HD-1.6-chromeinstaller
File Found : C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
File Found : C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
File Found : C:\Windows\System32\Tasks\Plus-HD-1.6-updater
Folder Found : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\Users\SHIELA\AppData\Local\DefineExt
Folder Found C:\Users\SHIELA\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\LyricsContainer Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-1.6-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-1.6-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-1.6-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-1.6-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\LyricsContainer Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-1.6-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-1.6-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-1.6-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-1.6-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsContainer Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-updater
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : HKLM\Software\Updater By Sweetpacks
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Google Chrome v27.0.1453.116

[ File : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : search_url
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [4819 octets] - [07/02/2014 12:47:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4879 octets] ##########



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:01 PM

Posted 07 February 2014 - 11:17 PM

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 smurfhandy

smurfhandy
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:10:01 PM

Posted 09 February 2014 - 05:14 PM

I didn't do the Windows thing yet ... doing it now. I had to run and didn't want to leave it unattended. I did run the clean, just didn't post it afterward ... so here it is. Off to run the Windows thing.

 

# AdwCleaner v3.018 - Report created 07/02/2014 at 12:54:12
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : SHIELA - OFFICEPC
# Running from : C:\Users\SHIELA\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Users\SHIELA\AppData\Local\DefineExt
Folder Deleted : C:\Users\SHIELA\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\LyricsContainer Update
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-chromeinstaller
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDB07B40-EA36-42C5-A0EF-DD20F3A68DC3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDB07B40-EA36-42C5-A0EF-DD20F3A68DC3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsContainer Update
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C17C06A7-08B7-4028-A4F1-D0E30AA1EFF6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C17C06A7-08B7-4028-A4F1-D0E30AA1EFF6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-chromeinstaller
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6694F91-5194-4FD5-977E-23267BFAA97F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6694F91-5194-4FD5-977E-23267BFAA97F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-codedownloader
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1119EAC6-AFC0-40C8-A65F-2D98C14178CA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1119EAC6-AFC0-40C8-A65F-2D98C14178CA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-enabler
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9342A1D-C58D-407C-BDB5-C11BBF9E922E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9342A1D-C58D-407C-BDB5-C11BBF9E922E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-updater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B608C425-D59A-4938-851D-248A3514FD95}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B608C425-D59A-4938-851D-248A3514FD95}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Google Chrome v27.0.1453.116

[ File : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [4959 octets] - [07/02/2014 12:47:56]
AdwCleaner[S0].txt - [5110 octets] - [07/02/2014 12:54:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5170 octets] ##########


Edited by smurfhandy, 09 February 2014 - 05:23 PM.


#10 fireman4it


Posted 09 February 2014 - 06:43 PM

How is the machine running after running the Windows Repair tool?


#11 smurfhandy


Posted 10 February 2014 - 07:43 PM

Seems to be running well ... they are now able to open attachments in email, which they could not do before.



#12 fireman4it


Posted 10 February 2014 - 07:48 PM

Let's check for any leftovers.

1. Download Malwarebytes Anti-Rootkit to your desktop.
  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
2. ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Now click on: EOLS3.gif
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on: EOLS4.gif
      (Selecting Uninstall application on close if you so wish)


#13 fireman4it


Posted 15 February 2014 - 10:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




