Bad malware infection - Not sure what to do about RogueKiller AntiRootkit result


  • This topic is locked
11 replies to this topic

#1 9001M

Posted 18 July 2014 - 07:25 PM

I have a laptop running Vista HP, SP2 that had a bad malware infection.  MBAM quick scan resulted in over 2200 PUP hits, which I had MBAM remove.
 
I've also run AdwareCleaner, Junkware Removal Tool, MBAR as well as RogueKiller.  I'm at the point now where all tools come up clean except RogueKiller.  It's reporting a bunch of Antirootkit entries that I'm unsure of what to do with.
 
Following is the DDS log, and I've attached the DDS Attach.txt log, as well as the RogueKiller log.
 
Thanks in advance for your help!
 
Steve
 
------------------------------------
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561
Run by diana at 17:06:22 on 2014-07-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1484 [GMT -7:00]
.
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=MTMHPCAMPAIGN
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uURLSearchHooks: <No Name>: {f4c28532-b9d0-4950-a2df-e83f9929242b} -
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.3.0.12\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.3.0.12\ips\ipsbho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.3.0.12\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [GoogleChromeAutoLaunch_CB5D897B3EA6C1092CD0BBB52B18E9B2] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{2CDB4CF7-B64C-410C-987C-2CCC59855639} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1504000.00d\symds.sys [2014-7-17 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1504000.00d\symefa.sys [2014-7-17 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.1.0.18\definitions\bashdefs\20140703.001\BHDrvx86.sys [2014-7-9 1101616]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1504000.00d\ccsetx86.sys [2014-7-17 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.1.0.18\definitions\ipsdefs\20140718.001\IDSvix86.sys [2014-7-18 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1504000.00d\ironx86.sys [2014-7-17 206936]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-2-14 43912]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-8-11 47640]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.4.0.13\n360.exe [2014-7-17 265040]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-30 109872]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1503000.00c\symtdiv.sys [2014-5-30 384728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2013-11-8 227936]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-07-17 12:18:12 936152 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symefa.sys
2014-07-17 12:18:12 664280 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\srtsp.sys
2014-07-17 12:18:12 447704 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symnets.sys
2014-07-17 12:18:12 384728 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symtdiv.sys
2014-07-17 12:18:12 367704 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\symds.sys
2014-07-17 12:18:12 32344 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\srtspx.sys
2014-07-17 12:18:12 21520 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\symelam.sys
2014-07-17 12:18:12 206936 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\ironx86.sys
2014-07-17 12:18:12 127064 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\ccsetx86.sys
2014-07-17 12:17:57 30068 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symvtcer.dat
2014-07-17 12:17:57 -------- d-----w- c:\windows\system32\drivers\n360\1504000.00D
2014-07-16 21:51:07 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-16 21:51:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-16 21:50:02 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-16 19:51:23 -------- d-----w- c:\windows\ERUNT
2014-07-16 19:40:05 -------- d-----w- C:\AdwCleaner
2014-07-16 18:18:33 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-16 18:18:32 -------- d-----w- c:\programdata\RogueKiller
2014-07-08 16:19:15 -------- d-----w- c:\users\diana\appdata\roaming\HpUpdate
2014-07-08 16:19:12 -------- d-----w- c:\windows\Hewlett-Packard
2014-06-30 17:11:49 502784 ----a-w- c:\windows\system32\usp10.dll
2014-06-30 17:11:48 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-30 17:11:47 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-06-30 17:11:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
==================== Find3M  ====================
.
2014-07-18 23:56:59 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-18 23:56:58 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-07-18 23:56:58 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-07-18 23:56:58 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-07-09 18:26:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 18:26:53 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 17:06:50.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/30/2009 9:04:49 AM
System Uptime: 7/16/2014 4:18:32 PM (49 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 151.729 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.831 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0029
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0029
Service: tunnel
.
==== System Restore Points ===================
.
RP1221: 7/4/2014 12:00:01 AM - Scheduled Checkpoint
RP1222: 7/5/2014 12:00:01 AM - Scheduled Checkpoint
RP1223: 7/6/2014 12:00:01 AM - Scheduled Checkpoint
RP1224: 7/7/2014 - Scheduled Checkpoint
RP1225: 7/8/2014 12:36:30 AM - Scheduled Checkpoint
RP1226: 7/9/2014 12:11:35 PM - Scheduled Checkpoint
RP1227: 7/10/2014 3:00:11 AM - Windows Update
RP1228: 7/11/2014 12:00:01 AM - Scheduled Checkpoint
RP1229: 7/12/2014 12:42:14 AM - Scheduled Checkpoint
RP1230: 7/13/2014 12:00:01 AM - Scheduled Checkpoint
RP1231: 7/13/2014 6:31:42 PM - Scheduled Checkpoint
RP1232: 7/15/2014 - Scheduled Checkpoint
RP1233: 7/15/2014 8:50:39 PM - Scheduled Checkpoint
RP1234: 7/16/2014 1:43:19 PM - Removed Java 7 Update 45
RP1236: 7/16/2014 3:23:39 PM - Malwarebytes Anti-Rootkit Restore Point
RP1237: 7/18/2014 12:53:47 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.10)
Adobe Shockwave Player
Atheros Driver Installation Program
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
Destinations
DeviceDiscovery
DocMgr
DocProc
ESU for Microsoft Vista
Fax
Google Chrome
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Doc Viewer
HP Document Manager 2.0
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Live Search Toolbar
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
MyFunCards Internet Explorer Toolbar
NetWaiting
Network
NetZero Preloader
Norton 360
Norton Internet Security
OCR Software by I.R.I.S. 13.0
Power2Go
PowerDirector
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SPORE Creature Creator Trial Edition
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update Installer for WildTangent Games App
Watchtower Library 2012 - English
WebEx
WebReg
WildTangent Games App (HP Games)
Word Free
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/16/2014 4:46:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user diana-PC\diana SID (S-1-5-21-3587560559-4080908623-2973870022-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2014 4:28:31 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
7/16/2014 4:28:31 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
7/16/2014 4:28:31 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 10.0.0.117, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
7/16/2014 4:20:33 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : diana [Admin rights]
Mode : Scan -- Date : 07/16/2014 11:49:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 45 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x8803b410
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x8803b4a8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x87adb140
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x87a7b2c8
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x880bcd88
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x8803b238
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x880bcb80
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x88265850
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x880bce20
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x87ead0f8
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x8815fe38
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x8803b2e0
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x8803b378
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x87a7bc98
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x8815fda0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x8803b1a0
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x8815f458
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x87ead060
[SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x880bcf70
[SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x87ead180
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x880bcce0
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x8803b540
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x8815fbc8
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x8815fc60
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x880bceb8
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x8803b108
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x8815fa98
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x88265b18
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x8815fb30
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x8815fd08
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x87adb078
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x880bcc28
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x87cab7b0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x87b67e40
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x87cab190
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x87b556c8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x87b674c0
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x87f6e6a0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x87b67798
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x87b88ee8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x87b672b0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x87b6a070
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\CmBatt.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\drivers\mpio.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\drivers\mpio.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543225L9A300 ATA Device +++++
--- User ---
[MBR] 84844a4b486bf8541b64da704b9617d0
[BSP] c76b7854869366d011f8060bf0bf5bc0 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 227288 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 465487872 | Size: 11183 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07162014_112609.log - RKreport_SCN_07162014_112233.log


Edited by Oh My!, 24 July 2014 - 07:35 PM.
Posted logs



#2 HelpBot

Posted 23 July 2014 - 07:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541497 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 9001M


Posted 24 July 2014 - 11:30 AM

As requested, here's the updated DDS info:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561
Run by diana at 9:21:51 on 2014-07-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1567 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=MTMHPCAMPAIGN
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uURLSearchHooks: {f4c28532-b9d0-4950-a2df-e83f9929242b} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.4.0.13\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.4.0.13\ips\ipsbho.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.4.0.13\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [GoogleChromeAutoLaunch_CB5D897B3EA6C1092CD0BBB52B18E9B2] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2CDB4CF7-B64C-410C-987C-2CCC59855639} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1504000.00d\symds.sys [2014-7-17 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1504000.00d\symefa.sys [2014-7-17 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.1.0.18\definitions\bashdefs\20140718.001\BHDrvx86.sys [2014-7-22 1101616]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1504000.00d\ccsetx86.sys [2014-7-17 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton 360\nortondata\21.1.0.18\definitions\ipsdefs\20140723.001\IDSvix86.sys [2014-7-23 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1504000.00d\ironx86.sys [2014-7-17 206936]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1504000.00d\symtdiv.sys [2014-7-17 384728]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-2-14 43912]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-8-11 47640]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.4.0.13\n360.exe [2014-7-17 265040]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-7-23 109872]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2013-11-8 227936]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-07-23 20:38:58 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-22 05:18:31 -------- d-----w- C:\Temp
2014-07-17 12:18:12 936152 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symefa.sys
2014-07-17 12:18:12 664280 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\srtsp.sys
2014-07-17 12:18:12 447704 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symnets.sys
2014-07-17 12:18:12 384728 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symtdiv.sys
2014-07-17 12:18:12 367704 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\symds.sys
2014-07-17 12:18:12 32344 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\srtspx.sys
2014-07-17 12:18:12 21520 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\symelam.sys
2014-07-17 12:18:12 206936 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\ironx86.sys
2014-07-17 12:18:12 127064 ----a-r- c:\windows\system32\drivers\n360\1504000.00d\ccsetx86.sys
2014-07-17 12:17:57 30068 ----a-w- c:\windows\system32\drivers\n360\1504000.00d\symvtcer.dat
2014-07-17 12:17:57 -------- d-----w- c:\windows\system32\drivers\n360\1504000.00D
2014-07-16 21:51:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-16 19:51:23 -------- d-----w- c:\windows\ERUNT
2014-07-16 19:40:05 -------- d-----w- C:\AdwCleaner
2014-07-16 18:18:33 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-16 18:18:32 -------- d-----w- c:\programdata\RogueKiller
2014-07-08 16:19:15 -------- d-----w- c:\users\diana\appdata\roaming\HpUpdate
2014-07-08 16:19:12 -------- d-----w- c:\windows\Hewlett-Packard
2014-06-30 17:11:49 502784 ----a-w- c:\windows\system32\usp10.dll
2014-06-30 17:11:48 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-30 17:11:47 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-06-30 17:11:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
==================== Find3M  ====================
.
2014-07-18 23:56:59 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-18 23:56:58 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-07-18 23:56:58 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-07-18 23:56:58 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-07-09 18:26:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 18:26:53 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH:  9:22:53.02 ===============

 




#4 9001M


Posted 24 July 2014 - 11:32 AM

Sorry 'bout the tiny font in that last post.  I wasn't paying attention.  Not sure why it defaulted to such a small font...

 

Steve



#5 Oh My!


Posted 24 July 2014 - 08:13 PM

Greetings Steve and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • aswMBR report
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 9001M


Posted 25 July 2014 - 12:43 AM

Hi Gary, thanks for taking this one on for me!

 

Here's the info you requested:

 

-------------------------------------------------------

TDSSKiller log

-------------------------------------------------------

21:50:15.0355 0x1658  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:50:21.0297 0x1658  ============================================================
21:50:21.0297 0x1658  Current date / time: 2014/07/24 21:50:21.0297
21:50:21.0297 0x1658  SystemInfo:
21:50:21.0298 0x1658 
21:50:21.0298 0x1658  OS Version: 6.0.6002 ServicePack: 2.0
21:50:21.0298 0x1658  Product type: Workstation
21:50:21.0298 0x1658  ComputerName: DIANA-PC
21:50:21.0298 0x1658  UserName: diana
21:50:21.0298 0x1658  Windows directory: C:\Windows
21:50:21.0298 0x1658  System windows directory: C:\Windows
21:50:21.0298 0x1658  Processor architecture: Intel x86
21:50:21.0298 0x1658  Number of processors: 2
21:50:21.0298 0x1658  Page size: 0x1000
21:50:21.0298 0x1658  Boot type: Normal boot
21:50:21.0298 0x1658  ============================================================
21:50:25.0281 0x1658  KLMD registered as C:\Windows\system32\drivers\61881837.sys
21:50:25.0716 0x1658  System UUID: {EF180FD9-6F2F-9F95-D07E-5E0260A986DD}
21:50:27.0238 0x1658  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0xEE72, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000050
21:50:27.0359 0x1658  ============================================================
21:50:27.0359 0x1658  \Device\Harddisk0\DR0:
21:50:27.0360 0x1658  MBR partitions:
21:50:27.0360 0x1658  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BBEC000
21:50:27.0360 0x1658  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BBEC800, BlocksNum 0x15D7800
21:50:27.0360 0x1658  ============================================================
21:50:27.0398 0x1658  C: <-> \Device\Harddisk0\DR0\Partition1
21:50:27.0589 0x1658  D: <-> \Device\Harddisk0\DR0\Partition2
21:50:27.0589 0x1658  ============================================================
21:50:27.0589 0x1658  Initialize success
21:50:27.0590 0x1658  ============================================================
21:50:30.0490 0x1668  ============================================================
21:50:30.0490 0x1668  Scan started
21:50:30.0490 0x1668  Mode: Manual;
21:50:30.0490 0x1668  ============================================================
21:50:30.0490 0x1668  KSN ping started
21:50:34.0103 0x1668  KSN ping finished: true
21:50:35.0194 0x1668  ================ Scan system memory ========================
21:50:35.0194 0x1668  System memory - ok
21:50:35.0195 0x1668  ================ Scan services =============================
21:50:37.0408 0x1668  BrUsbSer - ok
21:50:37.0426 0x1668  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:50:37.0428 0x1668  BTHMODEM - ok
21:50:37.0521 0x1668  [ 56C2811FD0D7B727808A69407B5BFAE0, 5F84A29A9E6D8F566F95399F3B41A82DD128EA69678BBBCF75AD914DE70D9A74 ] ccSet_N360      C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys
21:50:37.0529 0x1668  ccSet_N360 - ok
21:50:37.0554 0x1668  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:50:37.0558 0x1668  cdfs - ok
21:50:37.0599 0x1668  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:50:37.0602 0x1668  cdrom - ok
21:50:37.0635 0x1668  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
21:50:37.0638 0x1668  CertPropSvc - ok
21:50:37.0677 0x1668  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:50:37.0680 0x1668  circlass - ok
21:50:37.0721 0x1668  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
21:50:37.0730 0x1668  CLFS - ok
21:50:37.0801 0x1668  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:37.0805 0x1668  clr_optimization_v2.0.50727_32 - ok
21:50:37.0865 0x1668  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:50:37.0870 0x1668  clr_optimization_v4.0.30319_32 - ok
21:50:37.0908 0x1668  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:50:37.0909 0x1668  CmBatt - ok
21:50:37.0928 0x1668  [ D36372A6EA6805EFBE8884D10772313F, 243FCA697FEEBCB1F501C49DF75901C18F9BC301E693AA22EBB43F2B7CA26991 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:50:37.0930 0x1668  cmdide - ok
21:50:37.0978 0x1668  [ 1ADF6F4852E7D7E2E8AC481BDB970586, B5A89EE8E9BEE08FF99B9BEE2CC731FE023DA80DC52B575AE2B032F46445A65A ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:50:37.0987 0x1668  CnxtHdAudService - ok
21:50:38.0056 0x1668  [ 7795F8CEBC284A426B53F541E538695F, 1A56B32CA26505D9B1899EF4C3E1E1A815D8A36CC476691DBCE8A41109208C87 ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:50:38.0064 0x1668  Com4QLBEx - ok
21:50:38.0076 0x1668  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:50:38.0078 0x1668  Compbatt - ok
21:50:38.0089 0x1668  COMSysApp - ok
21:50:38.0104 0x1668  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:50:38.0106 0x1668  crcdisk - ok
21:50:38.0123 0x1668  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:50:38.0126 0x1668  Crusoe - ok
21:50:38.0180 0x1668  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:50:38.0185 0x1668  CryptSvc - ok
21:50:38.0256 0x1668  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:50:38.0274 0x1668  DcomLaunch - ok
21:50:38.0313 0x1668  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:50:38.0316 0x1668  DfsC - ok
21:50:38.0426 0x1668  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
21:50:38.0493 0x1668  DFSR - ok
21:50:38.0556 0x1668  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:50:38.0562 0x1668  Dhcp - ok
21:50:38.0608 0x1668  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
21:50:38.0610 0x1668  disk - ok
21:50:38.0650 0x1668  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:50:38.0653 0x1668  Dnscache - ok
21:50:38.0686 0x1668  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
21:50:38.0691 0x1668  dot3svc - ok
21:50:38.0733 0x1668  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:50:38.0738 0x1668  Dot4 - ok
21:50:38.0759 0x1668  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:50:38.0760 0x1668  Dot4Print - ok
21:50:38.0774 0x1668  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:50:38.0776 0x1668  dot4usb - ok
21:50:38.0813 0x1668  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
21:50:38.0818 0x1668  DPS - ok
21:50:38.0849 0x1668  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:50:38.0850 0x1668  drmkaud - ok
21:50:38.0910 0x1668  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:50:38.0937 0x1668  DXGKrnl - ok
21:50:38.0968 0x1668  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:50:38.0974 0x1668  E1G60 - ok
21:50:38.0998 0x1668  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
21:50:39.0002 0x1668  EapHost - ok
21:50:39.0056 0x1668  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:50:39.0061 0x1668  Ecache - ok
21:50:39.0141 0x1668  [ 10D14FAEF105DF2432D0E03860895284, 200662CD73537A8152FA0C276F20CE9B558FB2EB1AD0C171E5CCF4DC8C02F8B3 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:50:39.0159 0x1668  eeCtrl - ok
21:50:39.0210 0x1668  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:50:39.0221 0x1668  ehRecvr - ok
21:50:39.0239 0x1668  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
21:50:39.0245 0x1668  ehSched - ok
21:50:39.0262 0x1668  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
21:50:39.0264 0x1668  ehstart - ok
21:50:39.0307 0x1668  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:50:39.0325 0x1668  elxstor - ok
21:50:39.0391 0x1668  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:50:39.0414 0x1668  EMDMgmt - ok
21:50:39.0464 0x1668  [ 0424EAB7549926FB864BD41E7F0639CC, 04E349F311B24239E1B4DAD073360A0D91391B69E74B43D705A1C00FDF113F45 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:50:39.0470 0x1668  EraserUtilRebootDrv - ok
21:50:39.0508 0x1668  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:50:39.0509 0x1668  ErrDev - ok
21:50:39.0572 0x1668  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
21:50:39.0581 0x1668  EventSystem - ok
21:50:39.0645 0x1668  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:50:39.0651 0x1668  exfat - ok
21:50:39.0686 0x1668  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:50:39.0694 0x1668  fastfat - ok
21:50:39.0713 0x1668  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:50:39.0714 0x1668  fdc - ok
21:50:39.0742 0x1668  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
21:50:39.0745 0x1668  fdPHost - ok
21:50:39.0763 0x1668  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:50:39.0766 0x1668  FDResPub - ok
21:50:39.0789 0x1668  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:50:39.0793 0x1668  FileInfo - ok
21:50:39.0815 0x1668  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:50:39.0816 0x1668  Filetrace - ok
21:50:39.0839 0x1668  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:50:39.0841 0x1668  flpydisk - ok
21:50:39.0886 0x1668  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:50:39.0892 0x1668  FltMgr - ok
21:50:39.0973 0x1668  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
21:50:39.0997 0x1668  FontCache - ok
21:50:40.0050 0x1668  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:50:40.0053 0x1668  FontCache3.0.0.0 - ok
21:50:40.0089 0x1668  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:50:40.0090 0x1668  Fs_Rec - ok
21:50:40.0127 0x1668  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:50:40.0131 0x1668  gagp30kx - ok
21:50:40.0209 0x1668  [ 338700E2C721DFCC932C4CC9D175DD70, E71A4CF3706655955EE5694371263B54D5FC0D0FD387687247D6F3BF55CDEAB1 ] GamesAppIntegrationService C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
21:50:40.0220 0x1668  GamesAppIntegrationService - ok
21:50:40.0246 0x1668  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
21:50:40.0257 0x1668  GamesAppService - ok
21:50:40.0321 0x1668  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
21:50:40.0344 0x1668  gpsvc - ok
21:50:40.0423 0x1668  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:50:40.0429 0x1668  gupdate - ok
21:50:40.0447 0x1668  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:50:40.0452 0x1668  gupdatem - ok
21:50:40.0512 0x1668  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:50:40.0523 0x1668  HdAudAddService - ok
21:50:40.0586 0x1668  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:50:40.0615 0x1668  HDAudBus - ok
21:50:40.0634 0x1668  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:50:40.0636 0x1668  HidBth - ok
21:50:40.0657 0x1668  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:50:40.0659 0x1668  HidIr - ok
21:50:40.0697 0x1668  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
21:50:40.0699 0x1668  hidserv - ok
21:50:40.0731 0x1668  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:50:40.0732 0x1668  HidUsb - ok
21:50:40.0769 0x1668  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:50:40.0774 0x1668  hkmsvc - ok
21:50:40.0813 0x1668  [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:50:40.0816 0x1668  HP Health Check Service - ok
21:50:40.0835 0x1668  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:50:40.0837 0x1668  HpCISSs - ok
21:50:40.0942 0x1668  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:50:40.0950 0x1668  hpqcxs08 - ok
21:50:40.0996 0x1668  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:50:41.0000 0x1668  hpqddsvc - ok
21:50:41.0030 0x1668  [ 35956140E686D53BF676CF0C778880FC, AFFE1CC956E75AF1DE87F19A58CB03C861907C48DCA03F7454EF7762DEB46F2D ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:50:41.0031 0x1668  HpqKbFiltr - ok
21:50:41.0060 0x1668  [ 1665C7121A026DF10C903DB9BC5E9D43, D96189406774842923BC420C4AF33FA81C83B815E14CE7C444F9CCF545971B7E ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:50:41.0068 0x1668  hpqwmiex - ok
21:50:41.0123 0x1668  [ 568E44F6DCFA173F3670172B69379891, D619B908770E308BE3978DD619CA0ADC229685971FC99379AA5620BE5F7C5F1C ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:50:41.0147 0x1668  HPSLPSVC - ok
21:50:41.0234 0x1668  [ CC267848CB3508E72762BE65734E764D, E7E39607A48E77544EE286EA678FC2ED8A6C20C9DCB8C901BC70140ECB2E7C2F ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:50:41.0274 0x1668  HSF_DPV - ok
21:50:41.0309 0x1668  [ A2882945CC4B6E3E4E9E825590438888, C0B7E695BBFFB927A3A7122BCA41B454B27F285A0A380E82CEDF87CE573A5C60 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:50:41.0315 0x1668  HSXHWAZL - ok
21:50:41.0364 0x1668  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:50:41.0376 0x1668  HTTP - ok
21:50:41.0403 0x1668  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:50:41.0405 0x1668  i2omp - ok
21:50:41.0451 0x1668  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:50:41.0454 0x1668  i8042prt - ok
21:50:41.0500 0x1668  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:50:41.0511 0x1668  iaStorV - ok
21:50:41.0555 0x1668  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:50:41.0559 0x1668  IDriverT - ok
21:50:41.0634 0x1668  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:50:41.0667 0x1668  idsvc - ok
21:50:41.0781 0x1668  [ 373C0F67CC49772028D311FD147F4E85, D88613EB4DCB6F0A77D947D3DAB853689FFD71331484723C7CDCBADC7F01CB34 ] IDSVix86        C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140724.001\IDSvix86.sys
21:50:41.0804 0x1668  IDSVix86 - ok
21:50:42.0261 0x1668  [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:50:42.0611 0x1668  igfx - ok
21:50:42.0699 0x1668  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:50:42.0701 0x1668  iirsp - ok
21:50:42.0743 0x1668  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:50:42.0754 0x1668  IKEEXT - ok
21:50:42.0791 0x1668  [ C7E7E43CBD34D3B0A0156B51B917DFCC, 8F40D053D1AF89E0739D798D41F92801F95AB55CA0109386C426AB57784DD540 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:50:42.0795 0x1668  IntcHdmiAddService - ok
21:50:42.0829 0x1668  [ DD512A049BD7B4BCE8A83554C5EFF2C1, FBC44A9EBFCCE0EF4F6D007590158F7852340D3056298A0C1708E3AC30AB6CA9 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:50:42.0831 0x1668  intelide - ok
21:50:42.0860 0x1668  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:50:42.0862 0x1668  intelppm - ok
21:50:42.0885 0x1668  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:50:42.0889 0x1668  IPBusEnum - ok
21:50:42.0906 0x1668  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:42.0909 0x1668  IpFilterDriver - ok
21:50:42.0947 0x1668  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:50:42.0954 0x1668  iphlpsvc - ok
21:50:42.0962 0x1668  IpInIp - ok
21:50:42.0983 0x1668  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:50:42.0986 0x1668  IPMIDRV - ok
21:50:43.0007 0x1668  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:50:43.0011 0x1668  IPNAT - ok
21:50:43.0024 0x1668  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:50:43.0025 0x1668  IRENUM - ok
21:50:43.0039 0x1668  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:50:43.0041 0x1668  isapnp - ok
21:50:43.0078 0x1668  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:50:43.0085 0x1668  iScsiPrt - ok
21:50:43.0105 0x1668  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:50:43.0107 0x1668  iteatapi - ok
21:50:43.0120 0x1668  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:50:43.0122 0x1668  iteraid - ok
21:50:43.0143 0x1668  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:50:43.0145 0x1668  kbdclass - ok
21:50:43.0166 0x1668  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:50:43.0168 0x1668  kbdhid - ok
21:50:43.0198 0x1668  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
21:50:43.0202 0x1668  KeyIso - ok
21:50:43.0239 0x1668  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:50:43.0257 0x1668  KSecDD - ok
21:50:43.0300 0x1668  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:50:43.0312 0x1668  KtmRm - ok
21:50:43.0351 0x1668  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:50:43.0361 0x1668  LanmanServer - ok
21:50:43.0405 0x1668  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:50:43.0416 0x1668  LanmanWorkstation - ok
21:50:43.0469 0x1668  [ ABF90FC5A127F481219B873C1B8DFC1C, 465188183B2848C11743B2A6B987B307D30F636E4958E60766336479473DD121 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:50:43.0472 0x1668  LightScribeService - ok
21:50:43.0494 0x1668  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:50:43.0497 0x1668  lltdio - ok
21:50:43.0529 0x1668  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:50:43.0538 0x1668  lltdsvc - ok
21:50:43.0562 0x1668  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:50:43.0565 0x1668  lmhosts - ok
21:50:43.0639 0x1668  [ 2DBE437F190686B191A44E9688EA1AD5, 7E9545F21C334C035465EC81DCFE18D56B227692A24E5D2D6858CD98291EAF1A ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
21:50:43.0653 0x1668  LMIGuardianSvc - ok
21:50:43.0678 0x1668  [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys
21:50:43.0679 0x1668  LMIInfo - ok
21:50:43.0709 0x1668  [ F1BF7AB2B04B3AA0E50BBF23B17EC8D2, 2275FDF3593564BDDDFDE20E2E5CC299C8C9E55F3847D2AF030EC17777DCFFA5 ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe
21:50:43.0716 0x1668  LMIMaint - ok
21:50:43.0740 0x1668  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
21:50:43.0742 0x1668  lmimirr - ok
21:50:43.0756 0x1668  LMIRfsClientNP - ok
21:50:43.0796 0x1668  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
21:50:43.0799 0x1668  LMIRfsDriver - ok
21:50:43.0831 0x1668  [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe
21:50:43.0845 0x1668  LogMeIn - ok
21:50:43.0879 0x1668  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:50:43.0884 0x1668  LSI_FC - ok
21:50:43.0897 0x1668  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:50:43.0903 0x1668  LSI_SAS - ok
21:50:43.0918 0x1668  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:50:43.0923 0x1668  LSI_SCSI - ok
21:50:43.0936 0x1668  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:50:43.0941 0x1668  luafv - ok
21:50:43.0964 0x1668  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:50:43.0969 0x1668  Mcx2Svc - ok
21:50:43.0989 0x1668  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:50:43.0990 0x1668  mdmxsdk - ok
21:50:44.0017 0x1668  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
21:50:44.0019 0x1668  megasas - ok
21:50:44.0051 0x1668  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:50:44.0066 0x1668  MegaSR - ok
21:50:44.0088 0x1668  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
21:50:44.0092 0x1668  MMCSS - ok
21:50:44.0111 0x1668  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
21:50:44.0113 0x1668  Modem - ok
21:50:51.0356 0x1668  TermDD - ok
21:50:51.0377 0x1668  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
21:50:51.0392 0x1668  TermService - ok
21:50:51.0423 0x1668  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
21:50:51.0432 0x1668  Themes - ok
21:50:51.0443 0x1668  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:50:51.0446 0x1668  THREADORDER - ok
21:50:51.0467 0x1668  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
21:50:51.0472 0x1668  TrkWks - ok
21:50:51.0512 0x1668  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:50:51.0513 0x1668  TrustedInstaller - ok
21:50:51.0558 0x1668  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:51.0559 0x1668  tssecsrv - ok
21:50:51.0583 0x1668  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:50:51.0585 0x1668  tunmp - ok
21:50:51.0621 0x1668  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:50:51.0623 0x1668  tunnel - ok
21:50:51.0643 0x1668  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:50:51.0647 0x1668  uagp35 - ok
21:50:51.0684 0x1668  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:50:51.0694 0x1668  udfs - ok
21:50:51.0743 0x1668  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:50:51.0749 0x1668  UI0Detect - ok
21:50:51.0784 0x1668  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:50:51.0787 0x1668  uliagpkx - ok
21:50:51.0823 0x1668  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:50:51.0833 0x1668  uliahci - ok
21:50:51.0858 0x1668  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:50:51.0863 0x1668  UlSata - ok
21:50:51.0876 0x1668  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:50:51.0881 0x1668  ulsata2 - ok
21:50:51.0898 0x1668  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:50:51.0899 0x1668  umbus - ok
21:50:51.0930 0x1668  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
21:50:51.0940 0x1668  upnphost - ok
21:50:51.0986 0x1668  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:51.0990 0x1668  usbccgp - ok
21:50:52.0011 0x1668  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:50:52.0014 0x1668  usbcir - ok
21:50:52.0027 0x1668  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:50:52.0030 0x1668  usbehci - ok
21:50:52.0057 0x1668  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:50:52.0066 0x1668  usbhub - ok
21:50:52.0086 0x1668  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:50:52.0088 0x1668  usbohci - ok
21:50:52.0122 0x1668  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:50:52.0123 0x1668  usbprint - ok
21:50:52.0151 0x1668  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:50:52.0153 0x1668  usbscan - ok
21:50:52.0182 0x1668  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:52.0185 0x1668  USBSTOR - ok
21:50:52.0224 0x1668  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:50:52.0225 0x1668  usbuhci - ok
21:50:52.0263 0x1668  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
21:50:52.0267 0x1668  UxSms - ok
21:50:52.0305 0x1668  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
21:50:52.0317 0x1668  vds - ok
21:50:52.0354 0x1668  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:52.0356 0x1668  vga - ok
21:50:52.0377 0x1668  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:50:52.0378 0x1668  VgaSave - ok
21:50:52.0401 0x1668  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:50:52.0403 0x1668  viaagp - ok
21:50:52.0425 0x1668  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:50:52.0428 0x1668  ViaC7 - ok
21:50:52.0446 0x1668  [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C, 5D395C20D9121EA3970980703D8692380B4D8CFDAAC4FA8A2B352209F49318B7 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:50:52.0448 0x1668  viaide - ok
21:50:52.0459 0x1668  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:50:52.0461 0x1668  volmgr - ok
21:50:52.0497 0x1668  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:50:52.0504 0x1668  volmgrx - ok
21:50:52.0544 0x1668  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:50:52.0552 0x1668  volsnap - ok
21:50:52.0586 0x1668  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:50:52.0592 0x1668  vsmraid - ok
21:50:52.0673 0x1668  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
21:50:52.0718 0x1668  VSS - ok
21:50:52.0747 0x1668  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
21:50:52.0758 0x1668  W32Time - ok
21:50:52.0780 0x1668  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:50:52.0781 0x1668  WacomPen - ok
21:50:52.0801 0x1668  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:50:52.0803 0x1668  Wanarp - ok
21:50:52.0811 0x1668  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:50:52.0814 0x1668  Wanarpv6 - ok
21:50:52.0863 0x1668  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:50:52.0883 0x1668  wcncsvc - ok
21:50:52.0908 0x1668  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:50:52.0913 0x1668  WcsPlugInService - ok
21:50:52.0945 0x1668  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
21:50:52.0946 0x1668  Wd - ok
21:50:52.0998 0x1668  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:50:53.0018 0x1668  Wdf01000 - ok
21:50:53.0042 0x1668  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:50:53.0048 0x1668  WdiServiceHost - ok
21:50:53.0056 0x1668  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:50:53.0062 0x1668  WdiSystemHost - ok
21:50:53.0103 0x1668  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
21:50:53.0113 0x1668  WebClient - ok
21:50:53.0160 0x1668  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:50:53.0168 0x1668  Wecsvc - ok
21:50:53.0202 0x1668  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:50:53.0207 0x1668  wercplsupport - ok
21:50:53.0255 0x1668  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:50:53.0262 0x1668  WerSvc - ok
21:50:53.0309 0x1668  [ 0ACD399F5DB3DF1B58903CF4949AB5A8, F8FA0A8F631AA8F34A0506F1E5E09DFB6CDA1E9E92207A73A74F1A0E7768C49A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:50:53.0336 0x1668  winachsf - ok
21:50:53.0391 0x1668  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:50:53.0403 0x1668  WinDefend - ok
21:50:53.0423 0x1668  WinHttpAutoProxySvc - ok
21:50:53.0491 0x1668  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:50:53.0498 0x1668  Winmgmt - ok
21:50:53.0582 0x1668  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:50:53.0618 0x1668  WinRM - ok
21:50:53.0674 0x1668  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:50:53.0691 0x1668  Wlansvc - ok
21:50:53.0715 0x1668  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:50:53.0716 0x1668  WmiAcpi - ok
21:50:53.0764 0x1668  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:50:53.0769 0x1668  wmiApSrv - ok
21:50:53.0837 0x1668  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:50:53.0857 0x1668  WMPNetworkSvc - ok
21:50:53.0899 0x1668  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:50:53.0905 0x1668  WPCSvc - ok
21:50:53.0945 0x1668  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:50:53.0951 0x1668  WPDBusEnum - ok
21:50:54.0035 0x1668  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:50:54.0062 0x1668  WPFFontCache_v0400 - ok
21:50:54.0090 0x1668  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:50:54.0091 0x1668  ws2ifsl - ok
21:50:54.0125 0x1668  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:50:54.0129 0x1668  wscsvc - ok
21:50:54.0136 0x1668  WSearch - ok
21:50:54.0244 0x1668  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:50:54.0294 0x1668  wuauserv - ok
21:50:54.0343 0x1668  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:50:54.0345 0x1668  WudfPf - ok
21:50:54.0380 0x1668  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:54.0384 0x1668  WUDFRd - ok
21:50:54.0408 0x1668  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:50:54.0412 0x1668  wudfsvc - ok
21:50:54.0431 0x1668  [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
21:50:54.0432 0x1668  XAudio - ok
21:50:54.0465 0x1668  [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
21:50:54.0475 0x1668  XAudioService - ok
21:50:54.0525 0x1668  [ 7D1F3B131D503EF43EE594B5A2B9B427, 307DEC572FBC171D68ED098D73CB6F06754F26E51F8F7DB48035A8CF97AB37D0 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
21:50:54.0531 0x1668  yukonwlh - ok
21:50:54.0542 0x1668  ================ Scan global ===============================
21:50:54.0571 0x1668  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
21:50:54.0619 0x1668  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:50:54.0650 0x1668  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:50:54.0708 0x1668  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
21:50:54.0719 0x1668  [ Global ] - ok
21:50:54.0719 0x1668  ================ Scan MBR ==================================
21:50:54.0736 0x1668  [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
21:50:55.0121 0x1668  \Device\Harddisk0\DR0 - ok
21:50:55.0122 0x1668  ================ Scan VBR ==================================
21:50:55.0128 0x1668  [ AA780FAF39AAB9275309174C6440D194 ] \Device\Harddisk0\DR0\Partition1
21:50:55.0158 0x1668  \Device\Harddisk0\DR0\Partition1 - ok
21:50:55.0165 0x1668  [ 7907CDDE31C23A1F457E53F72B97F2B3 ] \Device\Harddisk0\DR0\Partition2
21:50:55.0187 0x1668  \Device\Harddisk0\DR0\Partition2 - ok
21:50:55.0188 0x1668  ================ Scan generic autorun ======================
21:50:56.0971 0x1668  Waiting for KSN requests completion. In queue: 316
21:51:02.0972 0x1668  Waiting for KSN requests completion. In queue: 1
21:51:18.0004 0x1668  AV detected via SS2: Norton 360, C:\Program Files\Norton 360\Engine\21.4.0.13\WSCStub.exe ( 21.4.0.0 ), 0x51000 ( enabled : updated )
21:51:18.0008 0x1668  FW detected via SS2: Norton 360, C:\Program Files\Norton 360\Engine\21.4.0.13\WSCStub.exe ( 21.4.0.0 ), 0x51010 ( enabled )
21:51:20.0766 0x1668  ============================================================
21:51:20.0766 0x1668  Scan finished
21:51:20.0766 0x1668  ============================================================
21:51:20.0789 0x17bc  Detected object count: 0
21:51:20.0789 0x17bc  Actual detected object count: 0
21:51:25.0020 0x1730  Deinitialize success
 

 

 

-------------------------------------------------------

 aswMBR report

-------------------------------------------------------

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-24 21:55:03
-----------------------------
21:55:03.684    OS Version: Windows 6.0.6002 Service Pack 2
21:55:03.684    Number of processors: 2 586 0x170A
21:55:03.685    ComputerName: DIANA-PC  UserName: diana
21:55:06.813    Initialize success
21:55:06.975    VM: initialized successfully
21:55:06.981    VM: Intel CPU virtualization not supported
22:02:39.645    AVAST engine defs: 14072401
22:02:59.483    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:02:59.491    Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40J Size: 238475MB BusType: 3
22:02:59.829    Disk 0 MBR read successfully
22:02:59.838    Disk 0 MBR scan
22:02:59.851    Disk 0 unknown MBR code
22:02:59.868    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       227288 MB offset 2048
22:02:59.916    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11183 MB offset 465487872
22:02:59.949    Disk 0 scanning sectors +488390656
22:03:00.344    Disk 0 scanning C:\Windows\system32\drivers
22:03:23.481    Service scanning
22:03:32.925    Service BHDrvx86 C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx86.sys **LOCKED** 5
22:03:33.674    Service ccSet_N360 C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys **LOCKED** 5
22:03:40.263    Service IDSVix86 C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140724.001\IDSvix86.sys **LOCKED** 5
22:03:44.808    Service NAVENG C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140724.023\NAVENG.SYS **LOCKED** 5
22:03:45.165    Service NAVEX15 C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140724.023\NAVEX15.SYS **LOCKED** 5
22:03:53.063    Service SRTSPX C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS **LOCKED** 5
22:03:53.978    Service SymDS C:\Windows\system32\drivers\N360\1504000.00D\SYMDS.SYS **LOCKED** 5
22:03:54.273    Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
22:03:54.407    Service SymIRON C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS **LOCKED** 5
22:03:54.504    Service SYMTDIv C:\Windows\System32\Drivers\N360\1504000.00D\SYMTDIV.SYS **LOCKED** 5
22:04:01.924    Modules scanning
22:04:12.511    Disk 0 trace - called modules:
22:04:12.547    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
22:04:12.568    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86722ac8]
22:04:12.586    3 CLASSPNP.SYS[8a8138b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d1eb98]
22:04:14.319    AVAST engine scan C:\Windows
22:04:18.453    AVAST engine scan C:\Windows\system32
22:08:11.692    AVAST engine scan C:\Windows\system32\drivers
22:08:33.314    AVAST engine scan C:\Users\diana
22:13:28.442    AVAST engine scan C:\ProgramData
22:16:33.273    Scan finished successfully
22:17:35.502    Disk 0 MBR has been saved successfully to "C:\Users\diana\Documents\IT Files\Malware Recovery - 07-15-2014\BC Logs\MBR.dat"
22:17:35.514    The log file has been saved successfully to "C:\Users\diana\Documents\IT Files\Malware Recovery - 07-15-2014\BC Logs\aswMBR.txt"

  

-------------------------------------------------------

FRST Results

-------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014 01
Ran by diana (administrator) on DIANA-PC on 24-07-2014 22:21:59
Running from C:\Users\diana\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\...\Run: [GoogleChromeAutoLaunch_CB5D897B3EA6C1092CD0BBB52B18E9B2] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\...\MountPoints2: {35287d80-0158-11df-82d1-001f16e1b64a} - F:\CDStart.exe
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=MTMHPCAMPAIGN
URLSearchHook: HKCU - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {83A5C533-9702-4876-BE37-6A946DB0A6E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - DefaultScope {83A5C533-9702-4876-BE37-6A946DB0A6E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {83A5C533-9702-4876-BE37-6A946DB0A6E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\diana\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-27]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-09-22]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-23]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-15]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage:
CHR NewTab: "chrome-extension://klibnahbojhkanfgaglnlalfkgpcppfi/Search/NewTabPages/html/new_tab.html", "chrome-extension://gpaiibklhaneknloaoccoidbaffjjlnb/Search/NewTabPages/html/new_tab.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Wajam) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.9.8_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.9.8_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.9.8_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.9.8_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-24]
CHR Extension: (Norton Identity Protection) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-04]
CHR Extension: (Google Wallet) - C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-26] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-30] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140724.001\IDSvix86.sys [395992 2014-06-27] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140724.023\NAVENG.SYS [93272 2014-06-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140724.023\NAVEX15.SYS [1612376 2014-06-30] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1504000.00D\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1504000.00D\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1504000.00D\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1504000.00D\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [X]
U3 aswMBR; \??\C:\Users\diana\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\diana\AppData\Local\Temp\aswVmm.sys [X]
U3 mbr; \??\C:\Users\diana\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 22:21 - 2014-07-24 22:22 - 00017845 _____ () C:\Users\diana\Desktop\FRST.txt
2014-07-24 22:21 - 2014-07-24 22:22 - 00000000 ____D () C:\FRST
2014-07-24 22:19 - 2014-07-24 22:19 - 01084416 _____ (Farbar) C:\Users\diana\Desktop\FRST.exe
2014-07-24 21:54 - 2014-07-24 21:54 - 05185536 _____ (AVAST Software) C:\Users\diana\Desktop\aswMBR.exe
2014-07-24 21:49 - 2014-07-24 21:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\diana\Desktop\tdsskiller.exe
2014-07-23 13:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-21 22:18 - 2014-07-21 22:18 - 00000000 ____D () C:\Temp
2014-07-16 14:51 - 2014-07-16 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-16 12:51 - 2014-07-16 12:51 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 12:40 - 2014-07-23 14:08 - 00000000 ____D () C:\AdwCleaner
2014-07-16 11:18 - 2014-07-22 09:55 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-16 11:18 - 2014-07-16 11:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-09 21:02 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 21:02 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 21:02 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 21:02 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 21:02 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 21:02 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 21:02 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 21:02 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 21:02 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 21:02 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 21:02 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 21:02 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 21:02 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 21:02 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 21:02 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 21:02 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 21:02 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 21:02 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 21:02 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 21:02 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 21:02 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 21:02 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 21:02 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 21:02 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 09:19 - 2014-07-08 09:20 - 00000000 ____D () C:\Users\diana\AppData\Roaming\HpUpdate
2014-07-08 09:19 - 2014-07-08 09:19 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-06-30 10:11 - 2014-04-26 09:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-30 10:11 - 2014-04-04 19:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-30 10:11 - 2014-03-09 18:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-30 10:11 - 2014-03-09 18:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 22:22 - 2014-07-24 22:21 - 00017845 _____ () C:\Users\diana\Desktop\FRST.txt
2014-07-24 22:22 - 2014-07-24 22:21 - 00000000 ____D () C:\FRST
2014-07-24 22:19 - 2014-07-24 22:19 - 01084416 _____ (Farbar) C:\Users\diana\Desktop\FRST.exe
2014-07-24 22:18 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 22:18 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 21:54 - 2014-07-24 21:54 - 05185536 _____ (AVAST Software) C:\Users\diana\Desktop\aswMBR.exe
2014-07-24 21:49 - 2014-07-24 21:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\diana\Desktop\tdsskiller.exe
2014-07-24 16:26 - 2013-05-24 10:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 16:13 - 2013-05-24 10:19 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 12:33 - 2009-07-30 09:07 - 01174135 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 10:12 - 2013-05-24 10:19 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 09:26 - 2012-03-22 20:17 - 00000000 ____D () C:\Program Files\Citrix
2014-07-24 09:20 - 2013-08-11 14:58 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-23 19:28 - 2009-07-30 09:43 - 00000254 _____ () C:\ProgramData\hpqp.ini
2014-07-23 19:23 - 2014-01-29 14:34 - 00000881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-23 19:23 - 2014-01-29 14:34 - 00000865 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-23 19:23 - 2011-10-16 08:00 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-07-23 19:23 - 2008-01-20 19:47 - 01516984 _____ () C:\Windows\PFRO.log
2014-07-23 19:23 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 16:24 - 2006-11-02 06:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-23 14:08 - 2014-07-16 12:40 - 00000000 ____D () C:\AdwCleaner
2014-07-22 09:55 - 2014-07-16 11:18 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-21 22:18 - 2014-07-21 22:18 - 00000000 ____D () C:\Temp
2014-07-21 19:39 - 2006-11-02 03:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 15:13 - 2014-01-15 19:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-21 15:13 - 2010-01-14 15:40 - 00002059 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-21 15:13 - 2010-01-14 15:39 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-07-20 15:32 - 2010-10-24 15:46 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-07-18 17:16 - 2012-03-22 20:17 - 00000000 ____D () C:\Users\diana\AppData\Local\Citrix
2014-07-18 16:57 - 2013-08-11 14:57 - 00000000 ____D () C:\Program Files\LogMeIn
2014-07-18 16:56 - 2013-08-11 14:58 - 00086888 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-07-18 16:56 - 2013-08-11 14:58 - 00085832 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-07-18 16:56 - 2013-08-11 14:58 - 00031560 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-07-18 11:19 - 2013-05-24 10:19 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 16:58 - 2013-08-11 14:58 - 00001024 _____ () C:\.rnd
2014-07-16 16:08 - 2014-07-16 14:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-16 13:35 - 2010-08-05 16:51 - 00000680 _____ () C:\Users\diana\AppData\Local\d3d9caps.dat
2014-07-16 12:51 - 2014-07-16 12:51 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 11:18 - 2014-07-16 11:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 20:12 - 2006-11-02 05:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-07-15 20:11 - 2013-08-10 09:46 - 00000000 ____D () C:\Users\diana\Documents\IT Files
2014-07-15 14:51 - 2009-09-04 16:31 - 00000000 ____D () C:\Users\diana
2014-07-10 03:22 - 2006-11-02 05:47 - 00316080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:20 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:03 - 2013-08-11 14:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:01 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 11:26 - 2013-05-24 10:14 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 11:26 - 2013-05-24 10:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 09:20 - 2014-07-08 09:19 - 00000000 ____D () C:\Users\diana\AppData\Roaming\HpUpdate
2014-07-08 09:19 - 2014-07-08 09:19 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-07-08 09:19 - 2009-04-22 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-08 09:19 - 2009-04-22 08:17 - 00000000 ____D () C:\Program Files\HP
2014-06-30 14:51 - 2013-08-11 14:25 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-30 14:51 - 2013-08-11 14:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-30 11:01 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool
2014-06-30 11:01 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-30 11:01 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
2014-06-30 11:01 - 2006-11-02 03:22 - 44302336 _____ () C:\Windows\system32\config\software_previous
2014-06-30 11:01 - 2006-11-02 03:22 - 21495808 _____ () C:\Windows\system32\config\system_previous
2014-06-30 10:24 - 2006-11-02 03:22 - 42729472 _____ () C:\Windows\system32\config\components_previous
2014-06-30 10:24 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

Files to move or delete:
====================
C:\Users\diana\g2ax_customer_downloadhelper_win32_x86.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-24 19:37

==================== End Of Log ============================

-------------------------------------------------------

 FRST Addition Log

-------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-07-2014 01
Ran by diana at 2014-07-24 22:22:39
Running from C:\Users\diana\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
LogMeIn (HKLM\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM\...\{96384578-C6A2-4EC6-92CD-B62A60713040}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.40115.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Norton 360 (HKLM\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Watchtower Library 2012 - English (HKLM\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.20 - WildTangent)
Word Free (HKLM\...\wordfree) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

13-07-2014 07:00:01 Scheduled Checkpoint
14-07-2014 01:31:42 Scheduled Checkpoint
15-07-2014 07:00:00 Scheduled Checkpoint
16-07-2014 03:50:39 Scheduled Checkpoint
16-07-2014 20:43:19 Removed Java 7 Update 45
16-07-2014 22:23:39 Malwarebytes Anti-Rootkit Restore Point
18-07-2014 07:53:47 Scheduled Checkpoint
19-07-2014 07:27:53 Scheduled Checkpoint
20-07-2014 07:00:01 Scheduled Checkpoint
21-07-2014 07:39:15 Scheduled Checkpoint
21-07-2014 22:50:40 Scheduled Checkpoint
23-07-2014 07:00:03 Scheduled Checkpoint
24-07-2014 03:31:35 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0769258D-68E7-4C42-86F1-C59EC4B5E813} - System32\Tasks\HPCeeScheduleFordiana => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {509F4278-946C-41FA-A49B-99DFB97C74BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {7461D75F-72FF-44BF-B179-0CF6A97531B7} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {751643F7-173E-4BC6-BD9A-517706B38AF1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8710DA6A-9F1B-4E17-8914-B9A1CA80698F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {C72AFAE4-CD37-4471-B165-AFACEFC0BD04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C8D2320C-3E52-4ED8-8AB2-5EBE968658A3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {D2B9266C-FBE2-4412-B1B0-7CBD92C710C3} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FB656587-9C6A-4A9C-9CB6-5C98D4DB1FA2} - \PriceFinderUpdate No Task File <==== ATTENTION
Task: {FE221710-9A0E-4334-913F-105963CC8782} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFordiana.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2009-04-22 08:17 - 2008-10-06 09:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-22 08:17 - 2008-10-06 09:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-22 08:11 - 2008-09-15 07:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 13:59 - 2007-08-14 13:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-09-30 16:52 - 2008-09-30 16:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-09-30 16:56 - 2008-09-30 16:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-12-27 18:34 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-09-30 16:52 - 2008-09-30 16:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-04-22 07:14 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77302962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77302962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 07:45:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {57407057-a44c-41c4-8155-a147ecf7a9fe}

Error: (07/23/2014 07:42:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {57407057-a44c-41c4-8155-a147ecf7a9fe}

Error: (07/23/2014 07:23:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2014 02:26:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/24/2014 09:34:19 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 09:12:11 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 08:37:57 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 07:39:29 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 06:53:08 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 03:53:30 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 02:55:02 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 02:08:41 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 01:34:27 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (07/24/2014 01:12:20 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-24 22:22:19.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 22:22:19.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 22:22:18.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 22:22:18.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 22:22:08.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 22:22:07.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 22:22:06.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 22:22:06.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-23 13:30:22.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-23 13:30:21.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3002.45 MB
Available physical RAM: 1594.2 MB
Total Pagefile: 6231.15 MB
Available Pagefile: 4824.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.96 GB) (Free:155.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 1A127DC8)
Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================

----------------------------------------------

System Summary zipfile attached

----------------------------------------------

Thanks! Looking forward to the next steps...

Steve


#7 Oh My!

  • Malware Response Instructor

Posted 25 July 2014 - 08:44 AM

Greetings,

I don't believe the RogueKiller report is indicating an infection, rather those results are because of your antivirus program and are legitimate. The only way to be certain is to remove Norton and rerun the programs. I don't think that is necessary but if it would help comfort you we can certainly take those steps.

Please do these things for me.

===================================================
Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\...\MountPoints2: {35287d80-0158-11df-82d1-001f16e1b64a} - F:\CDStart.exe
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [X]
U3 aswMBR; \??\C:\Users\diana\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\diana\AppData\Local\Temp\aswVmm.sys [X]
U3 mbr; \??\C:\Users\diana\AppData\Local\Temp\mbr.sys [X]
C:\Users\diana\g2ax_customer_downloadhelper_win32_x86.exe
Task: {FB656587-9C6A-4A9C-9CB6-5C98D4DB1FA2} - \PriceFinderUpdate No Task File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Junkware log
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 9001M


Posted 25 July 2014 - 01:02 PM

Hi Gary,

Glad to hear the RogueKiller results aren't anything to worry about. I'm not going to bother uninstalling Norton to confirm it...

Here are the logs you requested:

-----------------------------------------------------

Fixlog

-----------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-07-2014 01
Ran by diana at 2014-07-25 09:37:42 Run:1
Running from C:\Users\diana\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\...\MountPoints2: {35287d80-0158-11df-82d1-001f16e1b64a} - F:\CDStart.exe
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMFW;
\SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [X]
U3 aswMBR; \??\C:\Users\diana\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\diana\AppData\Local\Temp\aswVmm.sys [X]
U3 mbr; \??\C:\Users\diana\AppData\Local\Temp\mbr.sys [X]
C:\Users\diana\g2ax_customer_downloadhelper_win32_x86.exe
Task: {FB656587-9C6A-4A9C-9CB6-5C98D4DB1FA2} - \PriceFinderUpdate No Task File <==== ATTENTION

*****************

"HKU\S-1-5-21-3587560559-4080908623-2973870022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35287d80-0158-11df-82d1-001f16e1b64a}" => Key deleted successfully.
"HKCR\CLSID\{35287d80-0158-11df-82d1-001f16e1b64a}" => Key not found.
IpInIp => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SYMFW => Service deleted successfully.
\SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [X] => Error: No automatic fix found for this entry.
SYMNDISV => Service deleted successfully.
aswMBR => Service deleted successfully.
aswVmm => Service deleted successfully.
mbr => Service deleted successfully.
C:\Users\diana\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB656587-9C6A-4A9C-9CB6-5C98D4DB1FA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB656587-9C6A-4A9C-9CB6-5C98D4DB1FA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PriceFinderUpdate" => Key deleted successfully.

==== End of Fixlog ====

 

 

 

-----------------------------------------------------

Junkware log

NOTE: When I run JRT in normal operating mode (with Norton disabled), I get the following message:

"A bad module has been detected!
A reboot is required to remove modules."

And then a Yes/No prompt to reboot or not reboot.

I ran JRT both ways - with and without the reboot - the report came back the same.

I also attempted to run JRT in Safe Mode and no joy - the DOS window pops up and just sits there, blank with a blinking cursor - nothing ever happens. I tried tapping a key (space bar) and still, nothing happens.

Since the reboot/no-reboot results were the same, I just posted one:

-----------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by diana on Fri 07/25/2014 at 10:18:10.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/25/2014 at 10:22:35.74
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

-----------------------------------------------------

Security Check Log - NOTE: I had to run this in Safe Mode. In normal operating mode, I got a message stating: "Unsupported operating system - aborted"

-----------------------------------------------------

 

 Results of screen317's Security Check version 0.99.86 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Disabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Google Chrome 35.0.1916.153 
 Google Chrome 36.0.1985.125 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

-----------------------------------------------------

Thanks again for your help!

Steve



#9 Oh My!


Posted 25 July 2014 - 01:10 PM

Hi Steve,

We can always address Norton if something comes up.

I noticed you already ran AdwCleaner but I would like you to run it again. In addition please do this.

===================================================

Sophos Free Virus Removal Tool

--------------------
  • Download Sophos Free Virus Removal Tool and save it to your desktop
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.

Adobe Reader Update
  • Please download Adobe Reader
  • After installing the latest Adobe Reader, uninstall all previous versions through Add/Remove Programs.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Sophos log
  • Did Adobe update properly?
  • Are you experiencing any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 9001M


Posted 25 July 2014 - 06:21 PM

Ok, here's the next batch of logs and info for ya:

 

-  No issues detected by either AdwCleaner or Sophos (logs are below)

-  I wasn't aware you could "cheat" and install Adobe Reader XI on Vista machines.  Adobe does their best to prevent that.  Both the regular download page I use AND the link you provided end up on a page that presents Adobe Reader X (10.0.04).  So I did a little searching and found a different path to get to a Reader XI download (http://get.adobe.com/reader/enterprise/).  In order to get it, I had to lie and say the OS is Win7.  But it installed successfully.

-  Nope, as far as I can see, I'm not seeing any symptoms of any lingering malware infections.

 

Here are the requested logs:

 

------------------------------------------------------

AdwCleaner log

------------------------------------------------------

# AdwCleaner v3.216 - Report created 25/07/2014 at 11:32:26
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : diana - DIANA-PC
# Running from : C:\Users\diana\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\diana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7999 octets] - [16/07/2014 12:40:07]
AdwCleaner[R1].txt - [889 octets] - [16/07/2014 13:18:50]
AdwCleaner[R2].txt - [1602 octets] - [23/07/2014 13:38:34]
AdwCleaner[R3].txt - [1068 octets] - [23/07/2014 14:08:01]
AdwCleaner[R4].txt - [870 octets] - [25/07/2014 11:32:26]
AdwCleaner[S0].txt - [8264 octets] - [16/07/2014 12:41:24]
AdwCleaner[S1].txt - [1673 octets] - [23/07/2014 13:42:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1049 octets] ##########

 

 

 

------------------------------------------------------

Sophos log

------------------------------------------------------

2014-07-25 18:42:33.334 Sophos Virus Removal Tool version 2.5.2
2014-07-25 18:42:33.335 Copyright © 2009-2014 Sophos Limited. All rights reserved.

2014-07-25 18:42:33.335 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2014-07-25 18:42:33.335 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
2014-07-25 18:42:33.336 Checking for updates...
2014-07-25 18:42:37.930 Update progress: proxy server not available
2014-07-25 18:42:53.264 Option all = no
2014-07-25 18:42:53.264 Option recurse = yes
2014-07-25 18:42:53.265 Option archive = no
2014-07-25 18:42:53.265 Option service = yes
2014-07-25 18:42:53.265 Option confirm = yes
2014-07-25 18:42:53.265 Option sxl = yes
2014-07-25 18:42:53.267 Option max-data-age = 35
2014-07-25 18:42:53.267 Option EnableSafeClean = yes
2014-07-25 18:42:58.221 Component SVRTcli.exe version 2.5
2014-07-25 18:42:58.221 Component control.dll version 2.5
2014-07-25 18:42:58.222 Component SVRTservice.exe version 2.5
2014-07-25 18:42:58.222 Component engine\osdp.dll version 1.44.1.2162
2014-07-25 18:42:58.222 Component engine\veex.dll version 3.53.2.2162
2014-07-25 18:42:58.222 Component engine\savi.dll version 8.1.2.2162
2014-07-25 18:42:58.357 Component rkdisk.dll version 1.5.30.0
2014-07-25 18:42:58.357 Version info: Product version 2.5
2014-07-25 18:42:58.360 Version info: Detection engine 3.53.2
2014-07-25 18:42:58.360 Version info: Detection data 5.02
2014-07-25 18:42:58.360 Version info: Build date 6/19/2014
2014-07-25 18:42:58.360 Version info: Data files added 552
2014-07-25 18:42:58.360 Version info: Last successful update (not yet updated)
2014-07-25 18:43:39.281 Downloading updates...
2014-07-25 18:43:39.287 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-07-25 18:43:39.287 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-07-25 18:43:39.287 Update progress: [I49502] Found supplement IDE503 LATEST
2014-07-25 18:43:39.287 Update progress: [I49502] Found supplement IDE504 LATEST
2014-07-25 18:43:39.287 Update progress: [I49502] Found supplement IDE505 LATEST
2014-07-25 18:43:39.287 Update progress: [I49502] Found supplement IDE506 LATEST
2014-07-25 18:43:39.287 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-07-25 18:43:39.287 Update progress: [I19463] Syncing product SAVIW32 41
2014-07-25 18:43:46.762 Update progress: [I19463] Syncing product IDE503 184
2014-07-25 18:43:49.173 Installing updates...
2014-07-25 18:43:51.004 Update progress: [I19463] Syncing product IDE504 178
2014-07-25 18:43:51.004 Update progress: [I19463] Syncing product IDE505 175
2014-07-25 18:43:51.004 Update progress: [I19463] Syncing product IDE506 24
2014-07-25 18:44:22.247 Update successful
2014-07-25 18:44:39.943 Option all = no
2014-07-25 18:44:39.943 Option recurse = yes
2014-07-25 18:44:39.943 Option archive = no
2014-07-25 18:44:39.943 Option service = yes
2014-07-25 18:44:39.943 Option confirm = yes
2014-07-25 18:44:39.943 Option sxl = yes
2014-07-25 18:44:39.946 Option max-data-age = 35
2014-07-25 18:44:39.946 Option EnableSafeClean = yes
2014-07-25 18:44:40.026 Component SVRTcli.exe version 2.5
2014-07-25 18:44:40.026 Component control.dll version 2.5
2014-07-25 18:44:40.026 Component SVRTservice.exe version 2.5
2014-07-25 18:44:40.026 Component engine\osdp.dll version 1.44.1.2162
2014-07-25 18:44:40.027 Component engine\veex.dll version 3.53.2.2162
2014-07-25 18:44:40.027 Component engine\savi.dll version 8.1.2.2162
2014-07-25 18:44:40.028 Component rkdisk.dll version 1.5.30.0
2014-07-25 18:44:40.028 Version info: Product version 2.5
2014-07-25 18:44:40.030 Version info: Detection engine 3.53.2
2014-07-25 18:44:40.030 Version info: Detection data 5.02G
2014-07-25 18:44:40.030 Version info: Build date 6/19/2014
2014-07-25 18:44:40.030 Version info: Data files added 552
2014-07-25 18:44:40.030 Version info: Last successful update 7/25/2014 11:44:22 AM

2014-07-25 19:18:18.506 Could not open C:\pagefile.sys
2014-07-25 19:31:56.411 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_AVPAPP_{BB639333-810A-4bf8-85F5-C537857F55FC}1
2014-07-25 19:31:56.412 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_ISDATAPR_{E8EFD4CD-DE52-4444-9511-EFF3B158724B}1
2014-07-25 19:31:56.413 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_ISDATAPR_{FF9AC67A-E394-46ae-B150-B3365343F166}G
2014-07-25 19:31:56.414 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_RDRPluginG
2014-07-25 19:31:56.415 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_SNDPluginG
2014-07-25 19:31:56.415 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_SvcMgr-A2B50D70-5EA1-45a0-A983-0DB9E7101676G
2014-07-25 19:31:56.417 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_{4E9CB39A-5F78-4887-A3D6-2790DE9DDE11}1
2014-07-25 19:31:56.418 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\_lck\_{869594F6-6511-4780-AD37-49B479DA2A4F}1
2014-07-25 19:34:34.802 Could not open C:\System Volume Information\{01a2d0e1-0c97-11e4-9558-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.802 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.803 Could not open C:\System Volume Information\{3f056e3b-0d2c-11e4-a490-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.804 Could not open C:\System Volume Information\{46b58ed1-0af1-11e4-b148-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.805 Could not open C:\System Volume Information\{46b58f1a-0af1-11e4-b148-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.805 Could not open C:\System Volume Information\{6382732c-12d9-11e4-89fa-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.806 Could not open C:\System Volume Information\{63827332-12d9-11e4-89fa-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.806 Could not open C:\System Volume Information\{6382735e-12d9-11e4-89fa-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.807 Could not open C:\System Volume Information\{6382737c-12d9-11e4-89fa-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.807 Could not open C:\System Volume Information\{69552c74-0d28-11e4-ac84-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.808 Could not open C:\System Volume Information\{80ebdf7e-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.808 Could not open C:\System Volume Information\{80ebdfc3-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.809 Could not open C:\System Volume Information\{80ebdff8-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.809 Could not open C:\System Volume Information\{80ebe005-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.810 Could not open C:\System Volume Information\{80ebe026-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.810 Could not open C:\System Volume Information\{80ebe031-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.811 Could not open C:\System Volume Information\{80ebe052-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.811 Could not open C:\System Volume Information\{80ebe060-0d3f-11e4-b802-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.811 Could not open C:\System Volume Information\{863e9530-1158-11e4-81ee-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.812 Could not open C:\System Volume Information\{863e953b-1158-11e4-81ee-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.812 Could not open C:\System Volume Information\{f9b7f475-1421-11e4-9620-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.813 Could not open C:\System Volume Information\{fc74d4ad-1123-11e4-86bb-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:34:34.813 Could not open C:\System Volume Information\{fc74d4c9-1123-11e4-86bb-001f16e1b64a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-25 19:39:28.983 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-07-25 19:39:28.985 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-07-25 19:39:32.921 Could not open C:\Windows\System32\config\components
2014-07-25 19:39:32.978 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2014-07-25 19:39:32.982 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2014-07-25 19:39:32.985 Could not open C:\Windows\System32\config\RegBack\SAM
2014-07-25 19:39:32.989 Could not open C:\Windows\System32\config\RegBack\SECURITY
2014-07-25 19:39:32.993 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2014-07-25 19:39:32.997 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2014-07-25 20:02:28.539 SafeClean bin directory is empty.

2014-07-25 21:25:06.636 Scan completed.
2014-07-25 21:25:06.636 

------------------------------------------------------------

 

Thanks! 

 

Steve
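
One way to triage a log like the Sophos one in the post above, as an added example that is not part of the original thread: it confirms that the update and the scan finished, then separates "Could not open" entries in locations that are normally locked on a running Windows system from any that deserve a manual look. The list of expected locations is an assumption based on the paths in this log, and the last path in the sample is constructed.

```python
import re
from collections import Counter

# Line shape taken from the log in the post: "<date> <time.ms> <message>".
LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} ?(.*)$")
PREFIX = "Could not open "
# Assumption: locations that Windows or a resident AV product keeps locked
# or ACL-protected on a running system, so a failed open there is expected.
EXPECTED_LOCKED = [
    ("pagefile", re.compile(r"^C:\\pagefile\.sys$", re.I)),
    ("shadow copies", re.compile(r"^C:\\System Volume Information\\", re.I)),
    ("registry hives", re.compile(r"^C:\\Windows\\System32\\config\\", re.I)),
    ("catalog database", re.compile(r"^C:\\Windows\\System32\\catroot2\\", re.I)),
    ("resident AV locks", re.compile(r"^C:\\ProgramData\\Norton\\", re.I)),
]

def classify(path):
    """Return the expected-lock label for a path, or None if it needs review."""
    return next((lab for lab, rx in EXPECTED_LOCKED if rx.search(path)), None)

def triage(log_text):
    """Summarise update/scan status and sort unreadable paths into buckets."""
    out = {"updated": False, "completed": False, "expected": Counter(), "review": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without a timestamp
        msg = m.group(1)
        if msg == "Update successful":
            out["updated"] = True
        elif msg.startswith("Scan completed"):
            out["completed"] = True
        elif msg.startswith(PREFIX):
            path = msg[len(PREFIX):]
            label = classify(path)
            if label:
                out["expected"][label] += 1
            else:
                out["review"].append(path)
    return out

# Constructed sample in the log's format; the Temp path is invented for the review bucket.
SAMPLE = r"""
2014-07-25 18:44:22.247 Update successful
2014-07-25 19:18:18.506 Could not open C:\pagefile.sys
2014-07-25 19:39:32.985 Could not open C:\Windows\System32\config\RegBack\SAM
2014-07-25 19:40:00.000 Could not open C:\Users\example\AppData\Local\Temp\sample.tmp
2014-07-25 21:25:06.636 Scan completed.
"""
```

Calling `triage()` on the full log text returns the same dictionary; an empty `review` list together with `updated` and `completed` both true matches the "no issues detected" reading.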



#11 Oh My!


Posted 25 July 2014 - 06:42 PM

Hi Steve,

It looks like you are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#12 Oh My!


Posted 28 July 2014 - 01:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



