malware & trojans! Start menu programs and desktop icons are g


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So the redirects are now gone?

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0


#17
sknywhtdude

    Member

  • Topic Starter
  • 19 posts
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hunt :: HUNT-PC [administrator]

Protection: Disabled

8/3/2012 1:43:21 PM
mbam-log-2012-08-03 (13-43-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196310
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that the redirects are no longer appearing?
  • 0

#19
sknywhtdude

    Member

  • Topic Starter
  • 19 posts
They don't seem to be appearing any longer. I had it on both this computer/laptop and my desktop, but none are performing the same actions.
  • 0

#20
sknywhtdude

    Member

  • Topic Starter
  • 19 posts
I immediately ran a scan on tdsskiller on my desktop as well (my computers are now side by side), and it found one suspicious program but nothing malicious. Would you like to see it?
  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please. Is the desktop also misbehaving?
  • 0

#22
sknywhtdude

    Member

  • Topic Starter
  • 19 posts
This is my desktop, did the format on the c:\ drive yesterday with fresh Windows 7. Google Chrome again seems to be acting fine with no redirects as far as I know right now. Not much searching has been going on since the problems started.


13:02:52.0694 1132 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:02:54.0697 1132 ============================================================
13:02:54.0697 1132 Current date / time: 2012/08/03 13:02:54.0697
13:02:54.0697 1132 SystemInfo:
13:02:54.0697 1132
13:02:54.0697 1132 OS Version: 6.1.7601 ServicePack: 1.0
13:02:54.0697 1132 Product type: Workstation
13:02:54.0697 1132 ComputerName: HUNTS-PC
13:02:54.0697 1132 UserName: Hunts
13:02:54.0697 1132 Windows directory: C:\Windows
13:02:54.0697 1132 System windows directory: C:\Windows
13:02:54.0697 1132 Processor architecture: Intel x86
13:02:54.0697 1132 Number of processors: 2
13:02:54.0697 1132 Page size: 0x1000
13:02:54.0697 1132 Boot type: Normal boot
13:02:54.0697 1132 ============================================================
13:02:56.0528 1132 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:02:56.0530 1132 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:02:56.0533 1132 ============================================================
13:02:56.0533 1132 \Device\Harddisk0\DR0:
13:02:56.0533 1132 MBR partitions:
13:02:56.0533 1132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x32000
13:02:56.0533 1132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4D800, BlocksNum 0x1D15B000
13:02:56.0534 1132 \Device\Harddisk1\DR1:
13:02:56.0534 1132 MBR partitions:
13:02:56.0534 1132 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74706D71
13:02:56.0534 1132 ============================================================
13:02:56.0562 1132 C: <-> \Device\Harddisk0\DR0\Partition1
13:02:56.0573 1132 H: <-> \Device\Harddisk1\DR1\Partition0
13:02:56.0574 1132 ============================================================
13:02:56.0574 1132 Initialize success
13:02:56.0574 1132 ============================================================
13:03:01.0900 1660 ============================================================
13:03:01.0900 1660 Scan started
13:03:01.0900 1660 Mode: Manual; SigCheck; TDLFS;
13:03:01.0900 1660 ============================================================
13:03:08.0323 1660 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
13:03:08.0360 1660 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
13:03:08.0361 1660 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
13:03:25.0289 1660 Npfs - ok
13:03:25.0310 1660 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:03:25.0364 1660 nsi - ok
13:03:25.0383 1660 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:03:25.0438 1660 nsiproxy - ok
13:03:25.0534 1660 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:03:25.0645 1660 Ntfs - ok
13:03:25.0668 1660 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:03:25.0723 1660 Null - ok
13:03:26.0330 1660 nvlddmkm (87522f44e3291b059a220acc8ab0b54e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:03:26.0828 1660 nvlddmkm - ok
13:03:26.0959 1660 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:03:27.0033 1660 nvraid - ok
13:03:27.0066 1660 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:03:27.0115 1660 nvstor - ok
13:03:27.0189 1660 nvsvc (9d7033c20c209ef90c8df24ffba854ef) C:\Windows\system32\nvvsvc.exe
13:03:27.0245 1660 nvsvc - ok
13:03:27.0396 1660 nvUpdatusService (96a196f8d9900b91227bdacada2ee48f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:03:27.0543 1660 nvUpdatusService - ok
13:03:27.0683 1660 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:03:27.0739 1660 nv_agp - ok
13:03:27.0778 1660 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:03:27.0825 1660 ohci1394 - ok
13:03:27.0863 1660 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:03:27.0919 1660 p2pimsvc - ok
13:03:27.0973 1660 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:03:28.0032 1660 p2psvc - ok
13:03:28.0051 1660 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:03:28.0089 1660 Parport - ok
13:03:28.0114 1660 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:03:28.0158 1660 partmgr - ok
13:03:28.0171 1660 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:03:28.0196 1660 Parvdm - ok
13:03:28.0240 1660 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:03:28.0287 1660 PcaSvc - ok
13:03:28.0327 1660 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:03:28.0378 1660 pci - ok
13:03:28.0403 1660 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:03:28.0428 1660 pciide - ok
13:03:28.0452 1660 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:03:28.0499 1660 pcmcia - ok
13:03:28.0520 1660 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:03:28.0547 1660 pcw - ok
13:03:28.0588 1660 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:03:28.0655 1660 PEAUTH - ok
13:03:28.0759 1660 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:03:28.0889 1660 pla - ok
13:03:28.0986 1660 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:03:29.0054 1660 PlugPlay - ok
13:03:29.0074 1660 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:03:29.0139 1660 PNRPAutoReg - ok
13:03:29.0162 1660 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:03:29.0194 1660 PNRPsvc - ok
13:03:29.0262 1660 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:03:29.0342 1660 PolicyAgent - ok
13:03:29.0394 1660 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:03:29.0448 1660 Power - ok
13:03:29.0507 1660 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:03:29.0579 1660 PptpMiniport - ok
13:03:29.0612 1660 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:03:29.0639 1660 Processor - ok
13:03:29.0694 1660 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
13:03:29.0748 1660 ProfSvc - ok
13:03:29.0769 1660 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:03:29.0813 1660 ProtectedStorage - ok
13:03:29.0850 1660 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:03:29.0912 1660 Psched - ok
13:03:30.0078 1660 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:03:30.0173 1660 ql2300 - ok
13:03:30.0290 1660 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:03:30.0374 1660 ql40xx - ok
13:03:30.0416 1660 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:03:30.0494 1660 QWAVE - ok
13:03:30.0511 1660 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:03:30.0542 1660 QWAVEdrv - ok
13:03:30.0559 1660 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:03:30.0611 1660 RasAcd - ok
13:03:30.0644 1660 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:03:30.0695 1660 RasAgileVpn - ok
13:03:30.0728 1660 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:03:30.0793 1660 RasAuto - ok
13:03:30.0820 1660 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:03:30.0878 1660 Rasl2tp - ok
13:03:30.0938 1660 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:03:31.0053 1660 RasMan - ok
13:03:31.0074 1660 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:03:31.0118 1660 RasPppoe - ok
13:03:31.0154 1660 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:03:31.0207 1660 RasSstp - ok
13:03:31.0271 1660 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:03:31.0347 1660 rdbss - ok
13:03:31.0367 1660 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:03:31.0394 1660 rdpbus - ok
13:03:31.0435 1660 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:03:31.0485 1660 RDPCDD - ok
13:03:31.0532 1660 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:03:31.0583 1660 RDPENCDD - ok
13:03:31.0591 1660 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:03:31.0642 1660 RDPREFMP - ok
13:03:31.0681 1660 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
13:03:31.0761 1660 RDPWD - ok
13:03:31.0817 1660 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:03:31.0890 1660 rdyboost - ok
13:03:31.0924 1660 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:03:31.0990 1660 RemoteAccess - ok
13:03:32.0015 1660 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:03:32.0095 1660 RemoteRegistry - ok
13:03:32.0116 1660 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:03:32.0173 1660 RpcEptMapper - ok
13:03:32.0189 1660 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:03:32.0245 1660 RpcLocator - ok
13:03:32.0305 1660 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:03:32.0351 1660 RpcSs - ok
13:03:32.0382 1660 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:03:32.0452 1660 rspndr - ok
13:03:32.0476 1660 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:03:32.0520 1660 SamSs - ok
13:03:32.0552 1660 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:03:32.0618 1660 sbp2port - ok
13:03:32.0652 1660 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:03:32.0724 1660 SCardSvr - ok
13:03:32.0760 1660 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:03:32.0807 1660 scfilter - ok
13:03:32.0876 1660 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:03:32.0962 1660 Schedule - ok
13:03:32.0998 1660 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:03:33.0039 1660 SCPolicySvc - ok
13:03:33.0077 1660 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:03:33.0200 1660 SDRSVC - ok
13:03:33.0231 1660 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:03:33.0301 1660 secdrv - ok
13:03:33.0321 1660 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:03:33.0389 1660 seclogon - ok
13:03:33.0421 1660 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:03:33.0476 1660 SENS - ok
13:03:33.0495 1660 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:03:33.0558 1660 SensrSvc - ok
13:03:33.0572 1660 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:03:33.0608 1660 Serenum - ok
13:03:33.0635 1660 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:03:33.0668 1660 Serial - ok
13:03:33.0704 1660 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:03:33.0749 1660 sermouse - ok
13:03:33.0801 1660 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:03:33.0856 1660 SessionEnv - ok
13:03:33.0894 1660 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:03:33.0951 1660 sffdisk - ok
13:03:33.0971 1660 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:03:34.0027 1660 sffp_mmc - ok
13:03:34.0044 1660 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:03:34.0094 1660 sffp_sd - ok
13:03:34.0113 1660 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:03:34.0150 1660 sfloppy - ok
13:03:34.0185 1660 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
13:03:34.0264 1660 SharedAccess - ok
13:03:34.0318 1660 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:03:34.0379 1660 ShellHWDetection - ok
13:03:34.0412 1660 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:03:34.0452 1660 sisagp - ok
13:03:34.0484 1660 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:03:34.0511 1660 SiSRaid2 - ok
13:03:34.0528 1660 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:03:34.0561 1660 SiSRaid4 - ok
13:03:34.0584 1660 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:03:34.0628 1660 Smb - ok
13:03:34.0675 1660 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:03:34.0710 1660 SNMPTRAP - ok
13:03:34.0730 1660 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:03:34.0764 1660 spldr - ok
13:03:34.0827 1660 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:03:34.0931 1660 Spooler - ok
13:03:35.0097 1660 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:03:35.0546 1660 sppsvc - ok
13:03:35.0634 1660 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:03:35.0676 1660 sppuinotify - ok
13:03:35.0781 1660 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS
13:03:35.0818 1660 SRTSP - ok
13:03:35.0860 1660 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS
13:03:35.0904 1660 SRTSPX - ok
13:03:35.0940 1660 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:03:36.0120 1660 srv - ok
13:03:36.0178 1660 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:03:36.0252 1660 srv2 - ok
13:03:36.0278 1660 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:03:36.0319 1660 srvnet - ok
13:03:36.0352 1660 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:03:36.0411 1660 SSDPSRV - ok
13:03:36.0435 1660 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:03:36.0497 1660 SstpSvc - ok
13:03:36.0526 1660 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:03:36.0562 1660 stexstor - ok
13:03:36.0635 1660 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:03:36.0737 1660 StiSvc - ok
13:03:36.0773 1660 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:03:36.0815 1660 swenum - ok
13:03:36.0870 1660 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:03:36.0951 1660 swprv - ok
13:03:37.0026 1660 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS
13:03:37.0106 1660 SymDS - ok
13:03:37.0132 1660 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS
13:03:37.0176 1660 SymEFA - ok
13:03:37.0218 1660 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
13:03:37.0270 1660 SymEvent - ok
13:03:37.0304 1660 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS
13:03:37.0341 1660 SymIRON - ok
13:03:37.0379 1660 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS
13:03:37.0444 1660 SYMTDIv - ok
13:03:37.0521 1660 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:03:37.0591 1660 SysMain - ok
13:03:37.0634 1660 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:03:37.0687 1660 TabletInputService - ok
13:03:37.0734 1660 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:03:37.0811 1660 TapiSrv - ok
13:03:37.0832 1660 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:03:37.0885 1660 TBS - ok
13:03:37.0987 1660 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
13:03:38.0170 1660 Tcpip - ok
13:03:38.0208 1660 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
13:03:38.0265 1660 TCPIP6 - ok
13:03:38.0304 1660 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:03:38.0368 1660 tcpipreg - ok
13:03:38.0393 1660 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:03:38.0436 1660 TDPIPE - ok
13:03:38.0453 1660 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:03:38.0487 1660 TDTCP - ok
13:03:38.0530 1660 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:03:38.0630 1660 tdx - ok
13:03:38.0664 1660 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:03:38.0715 1660 TermDD - ok
13:03:38.0769 1660 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:03:38.0853 1660 TermService - ok
13:03:38.0875 1660 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
13:03:38.0938 1660 Themes - ok
13:03:38.0968 1660 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:03:39.0011 1660 THREADORDER - ok
13:03:39.0045 1660 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:03:39.0101 1660 TrkWks - ok
13:03:39.0158 1660 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:03:39.0231 1660 TrustedInstaller - ok
13:03:39.0273 1660 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:03:39.0345 1660 tssecsrv - ok
13:03:39.0379 1660 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:03:39.0429 1660 TsUsbFlt - ok
13:03:39.0497 1660 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:03:39.0568 1660 tunnel - ok
13:03:39.0590 1660 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:03:39.0619 1660 uagp35 - ok
13:03:39.0666 1660 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:03:39.0738 1660 udfs - ok
13:03:39.0765 1660 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:03:39.0817 1660 UI0Detect - ok
13:03:39.0868 1660 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:03:39.0896 1660 uliagpkx - ok
13:03:39.0919 1660 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:03:39.0970 1660 umbus - ok
13:03:39.0989 1660 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:03:40.0031 1660 UmPass - ok
13:03:40.0064 1660 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:03:40.0135 1660 upnphost - ok
13:03:40.0182 1660 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
13:03:40.0237 1660 usbaudio - ok
13:03:40.0258 1660 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:03:40.0294 1660 usbccgp - ok
13:03:40.0320 1660 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:03:40.0355 1660 usbcir - ok
13:03:40.0382 1660 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:03:40.0415 1660 usbehci - ok
13:03:40.0465 1660 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:03:40.0526 1660 usbhub - ok
13:03:40.0564 1660 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:03:40.0638 1660 usbohci - ok
13:03:40.0667 1660 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:03:40.0696 1660 usbprint - ok
13:03:40.0718 1660 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:03:40.0747 1660 usbscan - ok
13:03:40.0783 1660 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
13:03:40.0832 1660 USBSTOR - ok
13:03:40.0855 1660 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:03:40.0899 1660 usbuhci - ok
13:03:40.0930 1660 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:03:40.0975 1660 UxSms - ok
13:03:40.0998 1660 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:03:41.0043 1660 VaultSvc - ok
13:03:41.0147 1660 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:03:41.0191 1660 vdrvroot - ok
13:03:41.0244 1660 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:03:41.0369 1660 vds - ok
13:03:41.0409 1660 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:03:41.0457 1660 vga - ok
13:03:41.0473 1660 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:03:41.0515 1660 VgaSave - ok
13:03:41.0549 1660 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:03:41.0601 1660 vhdmp - ok
13:03:41.0660 1660 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:03:41.0688 1660 viaagp - ok
13:03:41.0723 1660 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:03:41.0765 1660 ViaC7 - ok
13:03:41.0794 1660 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:03:41.0821 1660 viaide - ok
13:03:41.0855 1660 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:03:41.0893 1660 volmgr - ok
13:03:41.0932 1660 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:03:41.0982 1660 volmgrx - ok
13:03:42.0010 1660 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:03:42.0077 1660 volsnap - ok
13:03:42.0116 1660 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:03:42.0156 1660 vsmraid - ok
13:03:42.0237 1660 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:03:42.0353 1660 VSS - ok
13:03:42.0398 1660 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
13:03:42.0445 1660 VSTHWBS2 - ok
13:03:42.0486 1660 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:03:42.0549 1660 VST_DPV - ok
13:03:42.0577 1660 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:03:42.0607 1660 vwifibus - ok
13:03:42.0634 1660 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:03:42.0679 1660 vwififlt - ok
13:03:42.0807 1660 VX6000 (719bac5b5a9c2c1fdf7323fb7e36ca32) C:\Windows\system32\DRIVERS\VX6000Xp.sys
13:03:42.0933 1660 VX6000 - ok
13:03:43.0026 1660 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:03:43.0101 1660 W32Time - ok
13:03:43.0148 1660 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:03:43.0188 1660 WacomPen - ok
13:03:43.0240 1660 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:03:43.0305 1660 WANARP - ok
13:03:43.0309 1660 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:03:43.0350 1660 Wanarpv6 - ok
13:03:43.0455 1660 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
13:03:43.0537 1660 WatAdminSvc - ok
13:03:43.0624 1660 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:03:43.0850 1660 wbengine - ok
13:03:43.0959 1660 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:03:44.0036 1660 WbioSrvc - ok
13:03:44.0102 1660 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:03:44.0157 1660 wcncsvc - ok
13:03:44.0179 1660 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:03:44.0251 1660 WcsPlugInService - ok
13:03:44.0295 1660 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:03:44.0321 1660 Wd - ok
13:03:44.0354 1660 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:03:44.0422 1660 Wdf01000 - ok
13:03:44.0451 1660 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:03:44.0496 1660 WdiServiceHost - ok
13:03:44.0500 1660 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:03:44.0532 1660 WdiSystemHost - ok
13:03:44.0581 1660 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:03:44.0706 1660 WebClient - ok
13:03:44.0732 1660 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:03:44.0816 1660 Wecsvc - ok
13:03:44.0837 1660 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:03:45.0039 1660 wercplsupport - ok
13:03:45.0120 1660 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:03:45.0167 1660 WerSvc - ok
13:03:45.0191 1660 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:03:45.0247 1660 WfpLwf - ok
13:03:45.0261 1660 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:03:45.0288 1660 WIMMount - ok
13:03:45.0346 1660 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
13:03:45.0396 1660 winachsf - ok
13:03:45.0486 1660 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:03:45.0564 1660 WinDefend - ok
13:03:45.0570 1660 WinHttpAutoProxySvc - ok
13:03:45.0679 1660 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:03:45.0734 1660 Winmgmt - ok
13:03:45.0817 1660 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:03:45.0915 1660 WinRM - ok
13:03:45.0988 1660 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:03:46.0050 1660 Wlansvc - ok
13:03:46.0152 1660 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:03:46.0195 1660 WmiAcpi - ok
13:03:46.0259 1660 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:03:46.0351 1660 wmiApSrv - ok
13:03:46.0485 1660 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:03:46.0588 1660 WMPNetworkSvc - ok
13:03:46.0619 1660 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:03:46.0714 1660 WPCSvc - ok
13:03:46.0752 1660 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:03:46.0811 1660 WPDBusEnum - ok
13:03:46.0855 1660 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:03:46.0921 1660 ws2ifsl - ok
13:03:46.0947 1660 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
13:03:46.0979 1660 wscsvc - ok
13:03:46.0983 1660 WSearch - ok
13:03:47.0094 1660 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:03:47.0191 1660 wuauserv - ok
13:03:47.0315 1660 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:03:47.0386 1660 WudfPf - ok
13:03:47.0427 1660 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:03:47.0516 1660 WUDFRd - ok
13:03:47.0570 1660 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:03:47.0632 1660 wudfsvc - ok
13:03:47.0690 1660 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:03:47.0842 1660 WwanSvc - ok
13:03:47.0914 1660 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
13:03:48.0027 1660 YahooAUService - ok
13:03:48.0071 1660 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:03:48.0344 1660 \Device\Harddisk0\DR0 - ok
13:03:48.0349 1660 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
13:03:48.0438 1660 \Device\Harddisk1\DR1 - ok
13:03:48.0463 1660 Boot (0x1200) (5621473afc92c09f2f23d2929d860b3b) \Device\Harddisk0\DR0\Partition0
13:03:48.0464 1660 \Device\Harddisk0\DR0\Partition0 - ok
13:03:48.0474 1660 Boot (0x1200) (de7627419f68a067ee1a51239a40e0ef) \Device\Harddisk0\DR0\Partition1
13:03:48.0476 1660 \Device\Harddisk0\DR0\Partition1 - ok
13:03:48.0480 1660 Boot (0x1200) (6d286e64316d9e8db74207997c8580ba) \Device\Harddisk1\DR1\Partition0
13:03:48.0481 1660 \Device\Harddisk1\DR1\Partition0 - ok
13:03:48.0483 1660 ============================================================
13:03:48.0483 1660 Scan finished
13:03:48.0483 1660 ============================================================
13:03:48.0504 3264 Detected object count: 1
13:03:48.0504 3264 Actual detected object count: 1
13:04:07.0603 3264 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:04:07.0603 3264 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0
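For reading a scan log like the one posted above, this added example (not part of the original thread and not the scanner vendor's code) pairs each object line with its verdict line and keeps only what was not marked ok. The sample log is constructed, with placeholder hashes and hypothetical service names, and the line formats are assumed from the lines visible in this log.

```python
import re

# Every entry starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# Object line: name, MD5 in parentheses, then the file or device path.
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Verdict line: "<subject> - <verdict>"; the subject is a name or a device path.
VERDICT_RE = re.compile(PREFIX + r"(?P<subject>.+?)\s+-\s+(?P<verdict>.+)$")
# Detection subject: "<name> ( <detection label> )".
DETECTION_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<label>[\w.]+)\s*\)$")

# Constructed sample: names, hashes and paths are placeholders, not real data.
SAMPLE_LOG = r"""
10:00:00.0001 1000 ExampleSvc (00000000000000000000000000000001) C:\Windows\system32\example.dll
10:00:00.0002 1000 ExampleSvc - ok
10:00:00.0003 1000 NoFileSvc - ok
10:00:00.0004 1000 ExampleDrv (00000000000000000000000000000002) C:\Windows\system32\drivers\example.sys
10:00:00.0005 1000 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
10:00:00.0006 1000 \Device\Harddisk0\DR0 - ok
10:00:00.0007 1000 ============================================================
10:00:00.0008 1000 Scan finished
10:00:00.0009 2000 Detected object count: 1
10:00:00.0010 2000 ExampleDrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:00.0011 2000 ExampleDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def triage(log_text):
    """Reduce a scan log to counts plus the entries that need a human look."""
    objects = {}    # name or path -> record taken from the object line
    ok_count = 0    # subjects marked ok that had a hashed object line
    no_file = []    # subjects marked ok with no object line (nothing was hashed)
    findings = {}   # (name, label) -> finding, in first-seen order

    for raw in log_text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"].lower(), "path": m["path"]}
            # Verdicts refer to services by name but to MBR/boot sectors by path.
            objects[m["name"]] = rec
            objects[m["path"]] = rec
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # separators, "Scan finished", counters
        subject, verdict = m["subject"], m["verdict"].strip()
        if verdict == "ok":
            if subject in objects:
                ok_count += 1
            else:
                no_file.append(subject)
            continue
        # Anything else is a finding; split "<name> ( <label> )" when present.
        d = DETECTION_RE.match(subject)
        name = d["name"] if d else subject
        label = d["label"] if d else None
        rec = objects.get(name, {})
        entry = findings.setdefault((name, label), {
            "name": name, "label": label,
            "md5": rec.get("md5"), "path": rec.get("path"), "actions": [],
        })
        entry["actions"].append(verdict)

    return {"ok": ok_count, "no_file": no_file,
            "findings": list(findings.values())}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("ok:", report["ok"], "| ok without a file line:", report["no_file"])
    for f in report["findings"]:
        print(f["name"], f["label"], f["path"], f["md5"], f["actions"])
```

A finding labelled as an unsigned file only says the file carries no valid signature; the path and hash it is paired with are what to check before deciding whether skipping it was right.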

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good as well... Could you do some googling now and let me know if it is OK
  • 0

#24
sknywhtdude

sknywhtdude

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Nothing is wrong, all websites are good to go after I click multiple searches of my normal web browsing. Seems to be ok now. No redirects anymore on both computers.
  • 0

#25
sknywhtdude

sknywhtdude

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
So the programs/logs I sent to you... it's showing that the viruses/malware I used to have are gone? Cause the computer seems to be back to its normal state.
  • 0

#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That's correct :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

Keep safe :wave:
  • 0
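A way to check the result of the [resethosts] step in the post above, as an added example that is not part of the thread or of OTL: it assumes a reset hosts file holds only comments and loopback entries for localhost, and lists anything else. The sample text, the .test hostnames and the 203.0.113.7 address are constructed.

```python
import ipaddress
import sys

# Standard Windows location of the hosts file.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample; names and addresses are placeholders.
SAMPLE = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "203.0.113.7     www.search-example.test",
    "127.0.0.1       update.av-example.test   # constructed",
    "not-an-ip       broken.example.test",
])


def audit_hosts(text):
    """Return (line_no, name, address, reason) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, " ".join(names), ip_text,
                             "unparseable address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue  # the only mapping assumed to be default
            reason = ("pointed at the local machine" if local
                      else "redirected to a non-loopback address")
            findings.append((line_no, name, str(ip), reason))
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else HOSTS_PATH
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print("line %d: %s -> %s (%s)" % finding)
```

An empty result means the file matches the assumed default; entries added deliberately (for example by an ad-blocking list) will also be reported and need a manual look.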

#27
sknywhtdude

    Member

  • Topic Starter
  • Member
  • 19 posts
During the Disc Cleanup I did not get a More Options tab/Restore and Shadow Backups... and no delete on pop up.
  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you right click and select Run as Administrator?

[attachment=59401:Untitled.png]
  • 0

#29
sknywhtdude

    Member

  • Topic Starter
  • Member
  • 19 posts
AHH got it thank you. Are we done?
  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep enjoy and keep safe :cool:
  • 0





