Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

google search / virus ?

Started by pjm333 , May 29 2012 04:13 PM

Please log in to reply

#1
pjm333

Posted 29 May 2012 - 04:13 PM

Member

Member
13 posts

I do alot of google searches but lately say I do a search for "google search hijacked" I click on the link etc but when I click on the back arrow to the search page it will be empty (google.com) or say something like "google search history" I have to re enter the original search.
Been happening for 2 days, did a virus scan & ran cc cleaner but still happening ? Over the same period the computer is "not responding" often.
HP PAVILION ELITE HPE-530F
I have IE 8 and Windows 7
Thanks !.

#2
Gammo

Posted 03 June 2012 - 08:19 AM

Member 2k

Malware Removal
2,299 posts

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Check the box that says Scan All Users.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
pjm333

Posted 04 June 2012 - 06:53 AM

Member

Topic Starter
Member
13 posts

gammo,
Thanks for your help !

OTL logfile created on: 6/4/2012 8:43:34 AM - Run 2
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Patrick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.52% Memory free
15.96 Gb Paging File | 13.81 Gb Available in Paging File | 86.54% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.23 Gb Total Space | 1328.71 Gb Free Space | 95.99% Space Free | Partition Type: NTFS
Drive D: | 12.94 Gb Total Space | 1.59 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 1.50 Gb Free Space | 34.24% Space Free | Partition Type: UDF

Computer Name: PATRICK-HP | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 08:42:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2012/06/02 05:29:23 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccsvchst.exe
PRC - [2012/03/21 17:35:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/03/21 17:35:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/22 23:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 12:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 12:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/05/06 17:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/03/28 21:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 12:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/07 04:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/22 23:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 23:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/31 17:56:29 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2010/11/20 09:27:23 | 000,476,160 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2010/11/20 09:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/11/20 09:26:39 | 000,569,344 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2010/11/20 09:25:49 | 000,080,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2010/09/27 16:10:00 | 000,270,336 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/05 23:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 23:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2009/10/07 04:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 21:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/13 21:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009/03/01 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/06/02 05:29:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2012/03/21 17:35:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2012/03/21 17:35:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 12:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 12:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 21:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/18 20:53:38 | 000,625,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2011/05/06 17:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/03/28 21:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/22 12:23:58 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/28 12:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/01 19:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/02 13:07:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/12 22:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/21 17:35:40 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 17:56:30 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/31 17:56:29 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/31 17:56:29 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011/10/01 12:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 12:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 12:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 12:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/27 16:10:00 | 000,517,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/13 09:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/03 02:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/01 16:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu)
DRV:64bit: - [2010/03/01 16:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2009/10/07 04:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 04:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/14 14:26:50 | 000,057,312 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SIVX64.sys -- (SIVDRIVER)
DRV:64bit: - [2007/02/03 13:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 13:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2012/06/03 20:45:10 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120603.009\ex64.sys -- (NAVEX15)
DRV - [2012/06/03 20:45:10 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120603.009\eng64.sys -- (NAVENG)
DRV - [2012/05/30 22:19:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/30 22:19:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/02 18:56:46 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120601.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/03 21:44:36 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120517.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Patrick\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011/09/08 23:30:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011/09/08 23:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/03 09:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/06/04 08:41:16 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3:64bit: - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1520967169-3638953700-3227044673-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7330E27-9A83-4D99-8D7E-8553DE1C3FF0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/19 11:41:35 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2012/03/19 11:41:35 | 000,000,130 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 06:39:59 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{90301F3C-D128-4C76-8F9A-F9F664DB38E3}
[2012/06/04 06:39:50 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{35E30CA8-D4F6-47BD-87BD-2799D6987874}
[2012/06/03 17:52:55 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4980B347-7733-441F-A026-8E17C2537626}
[2012/06/03 17:52:44 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EEE6FB20-E828-4E81-AD08-95E5916E3373}
[2012/06/03 13:35:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2012/06/03 13:32:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/03 13:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/03 13:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/03 05:52:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{08E06223-E918-4B51-8FB6-C6DFEA2CEDB6}
[2012/06/03 05:51:59 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{82770856-F509-4BD6-819A-896598BF2C96}
[2012/06/01 18:41:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{5F83CCD3-46B0-4ADB-AE03-273AF1E42BE2}
[2012/06/01 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{84BF2289-3FFD-43BF-8B29-114C0311E067}
[2012/06/01 05:28:32 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2E6F102B-5664-4310-93F5-E1D3628724D9}
[2012/06/01 05:28:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{BCDF4F52-21FD-46D2-BA7A-D1ED1B8E5B8F}
[2012/05/31 20:19:54 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\WildTangent
[2012/05/31 18:58:10 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{95E44782-9466-4482-81DA-524D384D4BA8}
[2012/05/31 16:49:10 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4F36E4E6-64F4-4D6C-B184-10DAD6239BDE}
[2012/05/31 16:49:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{ED623CF9-A0A0-4AF5-8BCD-19A66BA0A1D4}
[2012/05/31 06:53:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Patrick\Desktop\esetsmartinstaller_enu.exe
[2012/05/30 21:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/30 21:37:16 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/05/30 21:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/30 21:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/30 21:37:04 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\TestApp
[2012/05/30 21:25:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\TECH
[2012/05/30 21:14:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{A4EA0614-A4B8-4396-B9BD-F862D4DD0EC3}
[2012/05/30 21:14:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{273C4DE4-58BB-40B8-B884-A0A13A7CC48C}
[2012/05/30 21:11:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/30 21:06:01 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Patrick\Desktop\larry.com
[2012/05/30 15:46:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Patrick\Desktop\aswMBR.exe
[2012/05/30 06:13:43 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{10EC5C86-1862-4115-A712-CA18817C5057}
[2012/05/30 06:13:33 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E7616986-8993-4F8B-A27F-52403979019E}
[2012/05/29 18:13:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EFED52D8-6DCB-46BF-BFFC-C15AB56B9DF7}
[2012/05/29 18:12:58 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F429E500-745C-47FA-B818-CE26BCD0F23F}
[2012/05/29 07:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2012/05/29 07:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2012/05/29 07:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
[2012/05/29 06:11:06 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{048AB9DD-7F07-400A-8AA7-4FB2F8563C6B}
[2012/05/29 06:10:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{44EEF7A3-7309-4728-9643-8207A70E09C6}
[2012/05/28 18:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/28 18:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/28 17:00:54 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/28 16:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/28 16:31:17 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2012/05/28 16:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/28 16:31:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/28 16:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/28 16:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/28 16:14:17 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Diagnostics
[2012/05/28 06:35:34 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{8A31DC4A-DA08-4693-B73B-2F2625F28562}
[2012/05/28 06:35:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{7458C8FD-F8FF-4591-9A47-EFF29181D33B}
[2012/05/27 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{461ABD88-AD43-4929-9BB4-B2BCF96BAC59}
[2012/05/27 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\MediaSmart DVD
[2012/05/27 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{45CA2CC2-7181-48E9-A212-B6E740768FCA}
[2012/05/27 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4E586488-3F83-4C92-8F63-B47D14AAA148}
[2012/05/27 10:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2012/05/27 06:04:35 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6A59AC9C-A37F-4F29-8DE5-F41F5E684438}
[2012/05/27 06:04:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EEAB6E40-C5E6-498B-8E7A-E2E59EB33448}
[2012/05/26 09:00:32 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{AF21497D-6449-4AF0-8773-C693953F8894}
[2012/05/26 09:00:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{B54479C6-D28D-471B-B694-1DBF9EAAFE51}
[2012/05/25 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E8DCDAD3-79D7-4193-82FF-12C788091C04}
[2012/05/25 09:46:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{7055921C-CDBF-42F5-9148-5748ED8DCFB6}
[2012/05/25 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{1EB7079F-59E1-457D-9998-3240450B0F5A}
[2012/05/24 17:25:21 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E2ED6258-05ED-4335-A9B5-992884ABF81D}
[2012/05/24 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9F62F5B0-BB5D-4F4A-8CED-1E8B3895A6D3}
[2012/05/24 01:45:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C87B2290-B88F-472D-B43D-D771E343AC97}
[2012/05/24 01:45:41 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{685143D3-6E2F-496F-A168-2FD5F769F27E}
[2012/05/23 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{34D055A5-2F16-498B-9232-365C05044DE9}
[2012/05/23 08:31:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F00F29C4-75D7-48ED-89F3-841AFF5222A4}
[2012/05/22 20:07:18 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{476FF0F7-C455-4B43-8F88-A98A85318B24}
[2012/05/22 20:07:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9B7EEDF4-1E32-4290-91E6-2974F995D902}
[2012/05/22 07:42:49 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{D40AD7CB-F825-467F-8D34-6C3D800C983B}
[2012/05/22 07:42:40 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{37CE0D57-EC56-4259-AEAF-4CB187E742A4}
[2012/05/21 13:26:49 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{489BB383-EA32-467F-A0D5-4606B293EB8E}
[2012/05/21 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{33389A6F-EF30-4291-9F2D-E2959661BE49}
[2012/05/21 12:45:53 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2026CFF6-21D2-446B-9151-D562E9DA9556}
[2012/05/20 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{EB07F3FD-B6B7-44BE-918F-5BAD3CB04396}
[2012/05/20 22:28:51 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{83FE7E2E-F1B1-44C8-963D-BF44BD4F675B}
[2012/05/20 22:28:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4263096C-796E-48BA-A128-E15B642EABA1}
[2012/05/20 22:28:16 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{828F3D33-7C28-47FF-9DF0-7C1B926E33C1}
[2012/05/20 09:29:47 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{38B1BD74-F811-4694-BC86-613A5B5A33E5}
[2012/05/20 09:29:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C362092C-850C-4B46-9ADA-352B9FEAB656}
[2012/05/19 13:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/19 13:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/19 13:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/19 10:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/05/19 10:07:56 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Media Share
[2012/05/19 09:53:30 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{51942465-F8BB-4896-9226-C9C29C6C502A}
[2012/05/19 09:53:20 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{1FEF5F26-AA36-4FBB-B8F1-4B1F935148CF}
[2012/05/18 09:04:12 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F0B7A466-87F1-4699-9B31-23E92C517447}
[2012/05/18 09:04:03 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{9BDE5AB8-928E-44CC-BDE4-51AA26025770}
[2012/05/17 15:13:02 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{DCF9E101-970E-4E6D-B269-54AC3EEA8E45}
[2012/05/17 15:12:50 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{8D73B3AE-E346-463B-9CD1-CF5648C273D1}
[2012/05/17 15:11:37 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{B8246642-9397-4618-A556-1FD6F5A44859}
[2012/05/16 21:52:33 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2C40C008-D4BE-4FF0-AA35-487372172203}
[2012/05/16 21:52:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6AE1FF45-AEF0-4C5C-827F-F04DE967E7DE}
[2012/05/16 18:11:31 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{867D71BA-8BFC-4CF6-A6DF-4C20F9DA4877}
[2012/05/16 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{60350172-AD23-498F-A90C-5CC38471F89E}
[2012/05/16 04:14:58 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4F9FC4DE-E807-4501-B896-50342D87F587}
[2012/05/16 04:14:47 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3592DE92-C76E-4D06-9559-3079602AC5C8}
[2012/05/16 00:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2012/05/16 00:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/05/16 00:40:57 | 002,403,392 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012/05/16 00:40:57 | 001,608,768 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012/05/16 00:40:57 | 001,115,136 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012/05/16 00:40:57 | 001,115,136 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012/05/16 00:40:57 | 000,127,488 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012/05/16 00:40:57 | 000,127,488 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012/05/16 00:40:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2012/05/16 00:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2012/05/16 00:40:20 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\InstallShield
[2012/05/15 08:29:17 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{38A4DD99-A2AE-4682-AE25-77A4817CCCA7}
[2012/05/15 08:29:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2556FE1D-90C0-489B-B4C3-85EE9617199D}
[2012/05/14 15:36:32 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{BB22988C-2109-456C-8EAC-6BE5309E05EF}
[2012/05/14 15:36:21 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{BF9351D1-EBCC-4053-9356-B5BFC6E540DF}
[2012/05/13 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F5235961-22C0-45D7-A0AE-83BFBE9A39CD}
[2012/05/13 23:12:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C74F84CA-C2BC-4A0D-BDD8-40F309D2E4AF}
[2012/05/13 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C2E5DFA3-B26E-4357-83BA-9D771C7B2EA7}
[2012/05/13 09:04:33 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6853ED66-89FD-4BEA-8AD6-84FB6CAE2DDA}
[2012/05/13 09:04:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{608CF39A-1B9C-4D74-8CA8-330FBD577692}
[2012/05/12 08:52:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E3548A8E-DA24-48B0-995E-864CA5D5A72C}
[2012/05/12 08:51:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{FC37B3A1-9AA4-4DB4-A646-98D91ED327F1}
[2012/05/11 20:53:39 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{BD475149-E253-4E83-9E3B-2A7E21A5EBF1}
[2012/05/11 02:31:56 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3C6A9B57-2CAD-421B-91E7-34249AF7307F}
[2012/05/11 02:31:44 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{54240AC6-246C-4528-A8CE-29F2681AAD91}
[2012/05/10 06:39:18 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{C703051C-2ED5-48F6-A900-A5ED0DE42486}
[2012/05/10 06:39:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{FC8F6539-B718-4A11-BE68-074BC2C37552}
[2012/05/09 15:40:11 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3D39A33C-B924-41B7-B6A9-F0DC6786763E}
[2012/05/09 15:40:02 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3AC315C7-D7D6-40E9-BAFC-0C552CCF6164}
[2012/05/09 02:24:43 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{D3D20B52-03B1-4694-87A4-1D3B3665232A}
[2012/05/09 02:24:30 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{79281A44-4774-4106-BB6B-76BE0CBB80D1}
[2012/05/08 23:49:02 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{6C13A559-787F-4700-852C-A117B06ED43B}
[2012/05/08 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{E9C23E02-C07C-4188-9514-6078D84EB568}
[2012/05/08 08:44:56 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{52D59BDB-8368-4B91-BEB1-C1F8D2CF9FFE}
[2012/05/08 08:44:46 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{BB8A0CFE-7FB9-446D-9851-DF31B37F4015}
[2012/05/07 14:13:51 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{3FAF53FA-90F5-4E8C-87B4-0C9066E0C8E2}
[2012/05/06 21:53:18 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{33C04797-4774-476B-B5FB-E54650222639}
[2012/05/06 21:53:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{61542643-7F7E-4124-BFBF-F4A727123546}
[2012/05/06 20:10:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{4BFB585C-AB6A-404F-B760-1D12F8428423}
[2012/05/06 20:10:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{62271B8F-0A19-41A7-9E4C-6540EEAB31E3}
[2012/05/06 00:20:45 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{85005987-4D53-4E98-8795-7883582996DE}
[2012/05/06 00:20:34 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{281ABF64-34AF-4F7C-AF97-340FD39F96B6}
[2012/05/05 09:07:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{F87954D1-A425-468E-B402-E6897645775F}
[2012/05/05 09:07:37 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\{2D2FCE3F-34A0-46AA-9682-37A8A42A834F}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/04 08:42:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2012/06/04 08:40:17 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/04 08:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/04 08:40:06 | 2133,753,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/04 08:31:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/04 08:11:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/04 07:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/04 06:46:43 | 000,016,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 06:46:43 | 000,016,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 15:37:12 | 000,707,369 | ---- | M] () -- C:\Users\Patrick\Desktop\LIFEINSURANCE CASHVALUE.pdf
[2012/06/03 13:31:54 | 000,000,871 | ---- | M] () -- C:\Users\Patrick\Desktop\ERUNT.lnk
[2012/06/03 07:22:50 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/03 07:22:50 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/03 07:22:50 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/31 20:20:02 | 000,002,526 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/05/31 06:54:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Patrick\Desktop\esetsmartinstaller_enu.exe
[2012/05/30 21:37:29 | 001,597,133 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/30 21:13:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPATRICK-HP$.job
[2012/05/30 21:06:56 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Patrick\Desktop\larry.com
[2012/05/30 15:46:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Patrick\Desktop\aswMBR.exe
[2012/05/30 12:56:47 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/05/30 12:56:47 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/05/29 21:47:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPatrick.job
[2012/05/28 17:56:00 | 000,001,252 | ---- | M] () -- C:\Users\Patrick\Desktop\Disk Cleanup.lnk
[2012/05/28 17:00:54 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/28 16:31:09 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 17:21:34 | 000,000,017 | ---- | M] () -- C:\Users\Patrick\AppData\Local\resmon.resmoncfg
[2012/05/27 10:44:16 | 000,002,054 | ---- | M] () -- C:\Users\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/05/27 10:44:16 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/05/24 20:30:04 | 000,326,376 | ---- | M] () -- C:\Users\Patrick\Desktop\TDBANK MAY.pdf
[2012/05/24 15:06:18 | 001,004,567 | ---- | M] () -- C:\Users\Patrick\Desktop\TD ACCOUNTS2.pdf
[2012/05/19 09:52:35 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/05/19 09:52:12 | 001,597,133 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\Cat.DB
[2012/05/19 09:52:03 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\VT20120410.034
[2012/05/13 03:45:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0602010.005\isolate.ini
[2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/05/11 09:32:56 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 15:37:11 | 000,707,369 | ---- | C] () -- C:\Users\Patrick\Desktop\LIFEINSURANCE CASHVALUE.pdf
[2012/06/03 13:31:54 | 000,000,871 | ---- | C] () -- C:\Users\Patrick\Desktop\ERUNT.lnk
[2012/05/30 21:37:18 | 001,597,133 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/28 17:56:00 | 000,001,252 | ---- | C] () -- C:\Users\Patrick\Desktop\Disk Cleanup.lnk
[2012/05/28 16:31:09 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 17:21:34 | 000,000,017 | ---- | C] () -- C:\Users\Patrick\AppData\Local\resmon.resmoncfg
[2012/05/27 10:44:16 | 000,002,054 | ---- | C] () -- C:\Users\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/05/27 10:44:16 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/05/27 10:44:16 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/05/24 20:30:03 | 000,326,376 | ---- | C] () -- C:\Users\Patrick\Desktop\TDBANK MAY.pdf
[2012/05/24 15:06:17 | 001,004,567 | ---- | C] () -- C:\Users\Patrick\Desktop\TD ACCOUNTS2.pdf
[2012/05/16 00:40:57 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012/05/16 00:40:57 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2012/05/16 00:40:52 | 000,792,416 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2012/05/16 00:40:45 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011/12/19 14:56:02 | 000,003,584 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 12:12:53 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/10/24 05:53:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/09 22:53:31 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/10/02 15:57:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/02 15:57:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/13 15:18:29 | 000,221,824 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011/09/13 15:18:29 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/09/07 12:27:06 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/19 03:34:49 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/01/19 03:34:02 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/01/19 03:27:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 14:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2011/09/17 13:25:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Blio
[2011/12/27 10:59:45 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Flip Video
[2011/10/09 22:54:25 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FotoWire
[2012/02/19 12:04:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\IObit
[2011/10/09 23:17:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2011/09/07 07:20:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\PictureMover
[2012/06/03 17:14:19 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SoftGrid Client
[2012/05/30 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TestApp
[2011/09/07 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TP
[2012/01/02 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Visan
[2012/05/31 20:19:58 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\WildTangent
[2011/09/15 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\WinBatch
[2011/09/07 08:59:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Windows Live Writer
[2012/03/03 17:07:38 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#4
Gammo

Posted 04 June 2012 - 08:26 AM

Member 2k

Malware Removal
2,299 posts

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5
pjm333

Posted 04 June 2012 - 10:38 AM

Member

Topic Starter
Member
13 posts

ComboFix 12-06-03.05 - Patrick 06/04/2012 12:16:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6331 [GMT -4:00]
Running from: c:\users\Patrick\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\unins000.dat
C:\Thumbs.db
c:\users\Patrick\AppData\Local\Temp\{5B966EC4-0292-42A0-BA0A-8FDFDAA7BFE1}\fpb.tmp
c:\windows\SysWow64\SETD865.tmp
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 16:22 . 2012-06-04 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 17:31 . 2012-06-03 17:31 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-01 00:19 . 2012-06-01 00:19 -------- d-----w- c:\users\Patrick\AppData\Roaming\WildTangent
2012-05-31 01:40 . 2012-05-31 01:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-31 01:37 . 2012-05-31 01:49 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-31 01:37 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-31 01:37 . 2012-05-31 01:48 -------- d-----w- c:\programdata\PC Tools
2012-05-31 01:37 . 2012-05-31 01:37 -------- d-----w- c:\users\Patrick\AppData\Roaming\TestApp
2012-05-31 01:11 . 2012-05-31 01:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-29 11:51 . 2012-05-30 01:52 -------- d-----w- c:\program files (x86)\PCPitstop
2012-05-29 11:51 . 2012-05-29 11:56 -------- d-----w- c:\programdata\PCPitstop
2012-05-28 22:18 . 2012-05-30 10:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-28 22:18 . 2012-05-30 01:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-28 21:00 . 2012-05-28 21:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-28 20:38 . 2012-05-28 21:00 -------- d-----w- c:\programdata\HitmanPro
2012-05-28 20:31 . 2012-05-28 20:31 -------- d-----w- c:\users\Patrick\AppData\Roaming\Malwarebytes
2012-05-28 20:31 . 2012-05-28 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-28 20:31 . 2012-05-28 20:31 -------- d-----w- c:\programdata\Malwarebytes
2012-05-28 20:31 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-28 20:14 . 2012-06-03 10:47 -------- d-----w- c:\users\Patrick\AppData\Local\Diagnostics
2012-05-27 23:27 . 2012-05-27 23:27 -------- d-----w- c:\users\Patrick\AppData\Local\MediaSmart DVD
2012-05-27 14:44 . 2012-05-27 14:44 -------- d-----w- c:\program files (x86)\Belarc
2012-05-19 17:17 . 2012-05-19 17:17 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-19 17:17 . 2012-05-19 17:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-19 14:07 . 2012-05-19 14:07 -------- d-----w- c:\programdata\Ralink
2012-05-18 13:25 . 2012-05-19 13:52 -------- d-----w- c:\windows\system32\drivers\N360x64\0602010.005
2012-05-16 04:40 . 2012-05-16 04:41 -------- d-----w- c:\program files (x86)\Cisco
2012-05-16 04:40 . 2012-05-16 04:40 -------- d-----w- c:\windows\system32\RaLanguages
2012-05-16 04:40 . 2012-01-10 18:39 127488 ----a-w- c:\windows\SysWow64\RAEXTUI.dll
2012-05-16 04:40 . 2012-01-10 18:39 127488 ----a-w- c:\windows\system32\RAEXTUI.dll
2012-05-16 04:40 . 2012-01-10 18:02 1115136 ----a-w- c:\windows\SysWow64\RAIHV.dll
2012-05-16 04:40 . 2012-01-10 18:02 1115136 ----a-w- c:\windows\system32\RAIHV.dll
2012-05-16 04:40 . 2011-05-04 20:57 2403392 ----a-w- c:\windows\system32\RaCertMgr.dll
2012-05-16 04:40 . 2011-05-04 20:56 1608768 ----a-w- c:\windows\SysWow64\RaCertMgr.dll
2012-05-16 04:40 . 2010-06-29 17:35 792416 ----a-w- c:\windows\system32\DiagFunc.dll
2012-05-16 04:40 . 2010-06-29 17:35 792416 ----a-w- c:\windows\SysWow64\DiagFunc.dll
2012-05-16 04:40 . 2012-05-16 04:40 -------- d-----w- c:\program files (x86)\Ralink
2012-05-16 04:40 . 2012-05-16 04:40 -------- d-----w- c:\users\Patrick\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 09:29 . 2012-04-05 20:38 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 09:29 . 2011-09-07 13:43 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-02 17:07 . 2011-10-08 02:51 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-13 02:45 . 2011-01-19 07:34 1860672 ----a-w- c:\windows\system32\drivers\netr28x.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-21 21:35 . 2012-03-21 21:35 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-03-21 21:35 . 2011-01-19 07:34 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-03-09 01:50 . 2012-03-09 01:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-09 01:37 . 2012-03-09 01:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-24 343168]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2012/05/27 20:18;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-03-22 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [2011-08-19 625728]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 257696]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-04-04 1160824]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120601.001\IDSvia64.sys [2012-05-02 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-21 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 09:29]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 22:49]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 22:49]
.
2012-06-04 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]
.
2012-05-31 c:\windows\Tasks\HPCeeScheduleForPATRICK-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-05-30 c:\windows\Tasks\HPCeeScheduleForPatrick.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-27 489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: google.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-24146680.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-04 12:30:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 16:30
.
Pre-Run: 1,425,964,802,048 bytes free
Post-Run: 1,425,795,432,448 bytes free
.
- - End Of File - - 18BF28AA1B64BF237549EAA095E33E1E

#6
Gammo

Posted 04 June 2012 - 11:34 AM

Member 2k

Malware Removal
2,299 posts

How is your PC running now?

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

#7
pjm333

Posted 04 June 2012 - 12:51 PM

Member

Topic Starter
Member
13 posts

21:06:58.0284 3192 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:06:58.0521 3192 ============================================================
21:06:58.0521 3192 Current date / time: 2012/05/30 21:06:58.0521
21:06:58.0521 3192 SystemInfo:
21:06:58.0521 3192
21:06:58.0521 3192 OS Version: 6.1.7601 ServicePack: 1.0
21:06:58.0521 3192 Product type: Workstation
21:06:58.0521 3192 ComputerName: PATRICK-HP
21:06:58.0521 3192 UserName: Patrick
21:06:58.0522 3192 Windows directory: C:\Windows
21:06:58.0522 3192 System windows directory: C:\Windows
21:06:58.0522 3192 Running under WOW64
21:06:58.0522 3192 Processor architecture: Intel x64
21:06:58.0522 3192 Number of processors: 4
21:06:58.0522 3192 Page size: 0x1000
21:06:58.0522 3192 Boot type: Normal boot
21:06:58.0522 3192 ============================================================
21:06:58.0844 3192 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:06:58.0859 3192 ============================================================
21:06:58.0859 3192 \Device\Harddisk0\DR0:
21:06:58.0860 3192 MBR partitions:
21:06:58.0860 3192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:06:58.0860 3192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD073800
21:06:58.0860 3192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD0A6000, BlocksNum 0x19E1000
21:06:58.0860 3192 ============================================================
21:06:58.0879 3192 C: <-> \Device\Harddisk0\DR0\Partition1
21:06:58.0934 3192 D: <-> \Device\Harddisk0\DR0\Partition2
21:06:58.0934 3192 ============================================================
21:06:58.0934 3192 Initialize success
21:06:58.0934 3192 ============================================================
21:07:09.0692 2500 ============================================================
21:07:09.0692 2500 Scan started
21:07:09.0692 2500 Mode: Manual;
21:07:09.0692 2500 ============================================================
21:07:10.0379 2500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:07:10.0381 2500 1394ohci - ok
21:07:10.0460 2500 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:07:10.0461 2500 ACDaemon - ok
21:07:10.0516 2500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:07:10.0519 2500 ACPI - ok
21:07:10.0549 2500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:07:10.0549 2500 AcpiPmi - ok
21:07:10.0595 2500 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:07:10.0596 2500 AdobeARMservice - ok
21:07:10.0708 2500 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:07:10.0709 2500 AdobeFlashPlayerUpdateSvc - ok
21:07:10.0766 2500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:07:10.0770 2500 adp94xx - ok
21:07:10.0799 2500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:07:10.0802 2500 adpahci - ok
21:07:10.0826 2500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:07:10.0828 2500 adpu320 - ok
21:07:10.0856 2500 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:07:10.0857 2500 AeLookupSvc - ok
21:07:10.0936 2500 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
21:07:10.0937 2500 AESTFilters - ok
21:07:10.0984 2500 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:07:10.0989 2500 AFD - ok
21:07:11.0026 2500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:07:11.0026 2500 agp440 - ok
21:07:11.0039 2500 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:07:11.0039 2500 ALG - ok
21:07:11.0056 2500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:07:11.0056 2500 aliide - ok
21:07:11.0310 2500 AMD External Events Utility (a592ca3ec9a5af7f74d5169d556b976f) C:\Windows\system32\atiesrxx.exe
21:07:11.0311 2500 AMD External Events Utility - ok
21:07:11.0382 2500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:07:11.0382 2500 amdide - ok
21:07:11.0397 2500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:07:11.0397 2500 AmdK8 - ok
21:07:11.0769 2500 amdkmdag (1512ceedc3657082f396a0818528b5e8) C:\Windows\system32\DRIVERS\atikmdag.sys
21:07:11.0925 2500 amdkmdag - ok
21:07:12.0023 2500 amdkmdap (3d00276750e2d6f35228e12868cf1a46) C:\Windows\system32\DRIVERS\atikmpag.sys
21:07:12.0025 2500 amdkmdap - ok
21:07:12.0040 2500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:07:12.0041 2500 AmdPPM - ok
21:07:12.0074 2500 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:07:12.0075 2500 amdsata - ok
21:07:12.0097 2500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:07:12.0099 2500 amdsbs - ok
21:07:12.0111 2500 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:07:12.0112 2500 amdxata - ok
21:07:12.0140 2500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:07:12.0140 2500 AppID - ok
21:07:12.0157 2500 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:07:12.0158 2500 AppIDSvc - ok
21:07:12.0173 2500 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:07:12.0174 2500 Appinfo - ok
21:07:12.0198 2500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:07:12.0199 2500 arc - ok
21:07:12.0220 2500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:07:12.0221 2500 arcsas - ok
21:07:12.0231 2500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:07:12.0231 2500 AsyncMac - ok
21:07:12.0242 2500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:07:12.0243 2500 atapi - ok
21:07:12.0282 2500 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
21:07:12.0284 2500 AtiHDAudioService - ok
21:07:12.0345 2500 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:07:12.0350 2500 AudioEndpointBuilder - ok
21:07:12.0355 2500 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:07:12.0357 2500 AudioSrv - ok
21:07:12.0374 2500 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:07:12.0375 2500 AxInstSV - ok
21:07:12.0410 2500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:07:12.0414 2500 b06bdrv - ok
21:07:12.0444 2500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:07:12.0446 2500 b57nd60a - ok
21:07:12.0467 2500 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:07:12.0468 2500 BDESVC - ok
21:07:12.0473 2500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:07:12.0473 2500 Beep - ok
21:07:12.0534 2500 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:07:12.0539 2500 BFE - ok
21:07:12.0740 2500 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120517.001\BHDrvx64.sys
21:07:12.0757 2500 BHDrvx64 - ok
21:07:12.0884 2500 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:07:12.0892 2500 BITS - ok
21:07:12.0912 2500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:07:12.0913 2500 blbdrive - ok
21:07:12.0934 2500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:07:12.0935 2500 bowser - ok
21:07:12.0950 2500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:07:12.0950 2500 BrFiltLo - ok
21:07:12.0962 2500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:07:12.0962 2500 BrFiltUp - ok
21:07:13.0002 2500 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:07:13.0003 2500 Browser - ok
21:07:13.0034 2500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:07:13.0037 2500 Brserid - ok
21:07:13.0052 2500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:07:13.0052 2500 BrSerWdm - ok
21:07:13.0067 2500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:07:13.0067 2500 BrUsbMdm - ok
21:07:13.0076 2500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:07:13.0076 2500 BrUsbSer - ok
21:07:13.0095 2500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:07:13.0096 2500 BTHMODEM - ok
21:07:13.0109 2500 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:07:13.0110 2500 bthserv - ok
21:07:13.0177 2500 CamDrL64 (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
21:07:13.0185 2500 CamDrL64 - ok
21:07:13.0278 2500 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
21:07:13.0280 2500 ccSet_N360 - ok
21:07:13.0290 2500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:07:13.0291 2500 cdfs - ok
21:07:13.0327 2500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:07:13.0328 2500 cdrom - ok
21:07:13.0359 2500 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:07:13.0360 2500 CertPropSvc - ok
21:07:13.0379 2500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:07:13.0379 2500 circlass - ok
21:07:13.0423 2500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:07:13.0426 2500 CLFS - ok
21:07:13.0523 2500 CLKMSVC10_C6F09094 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
21:07:13.0525 2500 CLKMSVC10_C6F09094 - ok
21:07:13.0587 2500 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:07:13.0588 2500 clr_optimization_v2.0.50727_32 - ok
21:07:13.0635 2500 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:07:13.0636 2500 clr_optimization_v2.0.50727_64 - ok
21:07:13.0687 2500 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:07:13.0688 2500 clr_optimization_v4.0.30319_32 - ok
21:07:13.0718 2500 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:07:13.0718 2500 clr_optimization_v4.0.30319_64 - ok
21:07:13.0757 2500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:07:13.0758 2500 CmBatt - ok
21:07:13.0781 2500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:07:13.0781 2500 cmdide - ok
21:07:13.0829 2500 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:07:13.0833 2500 CNG - ok
21:07:13.0855 2500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:07:13.0855 2500 Compbatt - ok
21:07:13.0876 2500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:07:13.0877 2500 CompositeBus - ok
21:07:13.0878 2500 COMSysApp - ok
21:07:13.0897 2500 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys
21:07:13.0897 2500 CpqDfw - ok
21:07:13.0914 2500 cqcpu (10fb0ff62af6262bf88e3607e2ae2a69) C:\Windows\system32\drivers\cqcpu.sys
21:07:13.0914 2500 cqcpu - ok
21:07:13.0926 2500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:07:13.0926 2500 crcdisk - ok
21:07:13.0973 2500 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:07:13.0974 2500 CryptSvc - ok
21:07:14.0060 2500 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:07:14.0063 2500 cvhsvc - ok
21:07:14.0132 2500 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:07:14.0136 2500 DcomLaunch - ok
21:07:14.0188 2500 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:07:14.0191 2500 defragsvc - ok
21:07:14.0225 2500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:07:14.0226 2500 DfsC - ok
21:07:14.0270 2500 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:07:14.0272 2500 Dhcp - ok
21:07:14.0285 2500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:07:14.0285 2500 discache - ok
21:07:14.0303 2500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:07:14.0304 2500 Disk - ok
21:07:14.0328 2500 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:07:14.0329 2500 Dnscache - ok
21:07:14.0373 2500 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:07:14.0375 2500 dot3svc - ok
21:07:14.0396 2500 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
21:07:14.0397 2500 Dot4 - ok
21:07:14.0429 2500 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
21:07:14.0430 2500 Dot4Print - ok
21:07:14.0445 2500 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
21:07:14.0446 2500 dot4usb - ok
21:07:14.0473 2500 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:07:14.0475 2500 DPS - ok
21:07:14.0491 2500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:07:14.0491 2500 drmkaud - ok
21:07:14.0560 2500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:07:14.0568 2500 DXGKrnl - ok
21:07:14.0595 2500 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:07:14.0596 2500 EapHost - ok
21:07:14.0736 2500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:07:14.0790 2500 ebdrv - ok
21:07:14.0846 2500 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:07:14.0851 2500 eeCtrl - ok
21:07:14.0920 2500 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:07:14.0921 2500 EFS - ok
21:07:14.0993 2500 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:07:15.0012 2500 ehRecvr - ok
21:07:15.0040 2500 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:07:15.0041 2500 ehSched - ok
21:07:15.0090 2500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:07:15.0103 2500 elxstor - ok
21:07:15.0158 2500 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:07:15.0159 2500 EraserUtilRebootDrv - ok
21:07:15.0187 2500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:07:15.0187 2500 ErrDev - ok
21:07:15.0218 2500 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:07:15.0220 2500 EventSystem - ok
21:07:15.0247 2500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:07:15.0248 2500 exfat - ok
21:07:15.0269 2500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:07:15.0270 2500 fastfat - ok
21:07:15.0328 2500 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:07:15.0335 2500 Fax - ok
21:07:15.0349 2500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:07:15.0349 2500 fdc - ok
21:07:15.0369 2500 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:07:15.0370 2500 fdPHost - ok
21:07:15.0378 2500 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:07:15.0378 2500 FDResPub - ok
21:07:15.0396 2500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:07:15.0397 2500 FileInfo - ok
21:07:15.0414 2500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:07:15.0414 2500 Filetrace - ok
21:07:15.0471 2500 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
21:07:15.0473 2500 FlipShare Service - ok
21:07:15.0554 2500 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
21:07:15.0559 2500 FlipShareServer - ok
21:07:15.0666 2500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:07:15.0667 2500 flpydisk - ok
21:07:15.0705 2500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:07:15.0708 2500 FltMgr - ok
21:07:15.0785 2500 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:07:15.0795 2500 FontCache - ok
21:07:15.0836 2500 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:07:15.0836 2500 FontCache3.0.0.0 - ok
21:07:15.0854 2500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:07:15.0854 2500 FsDepends - ok
21:07:15.0879 2500 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:07:15.0879 2500 Fs_Rec - ok
21:07:15.0895 2500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:07:15.0897 2500 fvevol - ok
21:07:15.0917 2500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:07:15.0918 2500 gagp30kx - ok
21:07:15.0962 2500 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:07:15.0963 2500 GamesAppService - ok
21:07:16.0018 2500 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:07:16.0023 2500 gpsvc - ok
21:07:16.0081 2500 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:07:16.0082 2500 gupdate - ok
21:07:16.0084 2500 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:07:16.0084 2500 gupdatem - ok
21:07:16.0114 2500 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:07:16.0115 2500 gusvc - ok
21:07:16.0135 2500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:07:16.0136 2500 hcw85cir - ok
21:07:16.0179 2500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:07:16.0182 2500 HdAudAddService - ok
21:07:16.0210 2500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:07:16.0211 2500 HDAudBus - ok
21:07:16.0230 2500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:07:16.0230 2500 HidBatt - ok
21:07:16.0253 2500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:07:16.0254 2500 HidBth - ok
21:07:16.0271 2500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:07:16.0272 2500 HidIr - ok
21:07:16.0288 2500 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:07:16.0289 2500 hidserv - ok
21:07:16.0313 2500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:07:16.0314 2500 HidUsb - ok
21:07:16.0339 2500 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:07:16.0340 2500 hkmsvc - ok
21:07:16.0363 2500 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:07:16.0364 2500 HomeGroupListener - ok
21:07:16.0390 2500 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:07:16.0392 2500 HomeGroupProvider - ok
21:07:16.0458 2500 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:07:16.0459 2500 HP Support Assistant Service - ok
21:07:16.0531 2500 HPAuto (da075126f867727810ee9b98b3041c4c) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
21:07:16.0534 2500 HPAuto - ok
21:07:16.0589 2500 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:07:16.0591 2500 HPClientSvc - ok
21:07:16.0622 2500 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:07:16.0623 2500 HPDrvMntSvc.exe - ok
21:07:16.0683 2500 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:07:16.0688 2500 hpqwmiex - ok
21:07:16.0814 2500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:07:16.0815 2500 HpSAMD - ok
21:07:16.0866 2500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:07:16.0872 2500 HTTP - ok
21:07:16.0914 2500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:07:16.0914 2500 hwpolicy - ok
21:07:16.0944 2500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:07:16.0945 2500 i8042prt - ok
21:07:16.0992 2500 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:07:16.0994 2500 iaStor - ok
21:07:17.0050 2500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:07:17.0055 2500 iaStorV - ok
21:07:17.0163 2500 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:07:17.0170 2500 idsvc - ok
21:07:17.0342 2500 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120530.001\IDSvia64.sys
21:07:17.0344 2500 IDSVia64 - ok
21:07:17.0394 2500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:07:17.0394 2500 iirsp - ok
21:07:17.0465 2500 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:07:17.0471 2500 IKEEXT - ok
21:07:17.0487 2500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:07:17.0487 2500 intelide - ok
21:07:17.0492 2500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:07:17.0492 2500 intelppm - ok
21:07:17.0510 2500 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:07:17.0512 2500 IPBusEnum - ok
21:07:17.0532 2500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:07:17.0533 2500 IpFilterDriver - ok
21:07:17.0589 2500 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:07:17.0594 2500 iphlpsvc - ok
21:07:17.0620 2500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:07:17.0621 2500 IPMIDRV - ok
21:07:17.0639 2500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:07:17.0640 2500 IPNAT - ok
21:07:17.0649 2500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:07:17.0650 2500 IRENUM - ok
21:07:17.0659 2500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:07:17.0659 2500 isapnp - ok
21:07:17.0684 2500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:07:17.0686 2500 iScsiPrt - ok
21:07:17.0709 2500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:07:17.0710 2500 kbdclass - ok
21:07:17.0726 2500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:07:17.0726 2500 kbdhid - ok
21:07:17.0752 2500 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:07:17.0752 2500 KeyIso - ok
21:07:17.0767 2500 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:07:17.0768 2500 KSecDD - ok
21:07:17.0787 2500 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:07:17.0788 2500 KSecPkg - ok
21:07:17.0790 2500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:07:17.0791 2500 ksthunk - ok
21:07:17.0828 2500 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:07:17.0831 2500 KtmRm - ok
21:07:17.0862 2500 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:07:17.0865 2500 LanmanServer - ok
21:07:17.0885 2500 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:07:17.0887 2500 LanmanWorkstation - ok
21:07:17.0889 2500 libusb0 - ok
21:07:17.0949 2500 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:07:17.0950 2500 LightScribeService - ok
21:07:17.0961 2500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:07:17.0961 2500 lltdio - ok
21:07:17.0984 2500 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:07:17.0987 2500 lltdsvc - ok
21:07:17.0990 2500 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:07:17.0990 2500 lmhosts - ok
21:07:18.0042 2500 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:07:18.0044 2500 LMS - ok
21:07:18.0059 2500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:07:18.0060 2500 LSI_FC - ok
21:07:18.0078 2500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:07:18.0079 2500 LSI_SAS - ok
21:07:18.0096 2500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:07:18.0097 2500 LSI_SAS2 - ok
21:07:18.0119 2500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:07:18.0120 2500 LSI_SCSI - ok
21:07:18.0142 2500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:07:18.0143 2500 luafv - ok
21:07:18.0168 2500 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:07:18.0168 2500 LVPr2M64 - ok
21:07:18.0169 2500 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:07:18.0170 2500 LVPr2Mon - ok
21:07:18.0239 2500 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:07:18.0240 2500 LVPrcS64 - ok
21:07:18.0249 2500 LVUSBS64 (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\drivers\LVUSBS64.sys
21:07:18.0249 2500 LVUSBS64 - ok
21:07:18.0293 2500 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:07:18.0294 2500 Mcx2Svc - ok
21:07:18.0306 2500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:07:18.0307 2500 megasas - ok
21:07:18.0338 2500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:07:18.0341 2500 MegaSR - ok
21:07:18.0353 2500 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:07:18.0354 2500 MEIx64 - ok
21:07:18.0366 2500 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:07:18.0367 2500 MMCSS - ok
21:07:18.0377 2500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:07:18.0377 2500 Modem - ok
21:07:18.0410 2500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:07:18.0411 2500 monitor - ok
21:07:18.0419 2500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:07:18.0419 2500 mouclass - ok
21:07:18.0431 2500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:07:18.0431 2500 mouhid - ok
21:07:18.0468 2500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:07:18.0469 2500 mountmgr - ok
21:07:18.0507 2500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:07:18.0508 2500 mpio - ok
21:07:18.0522 2500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:07:18.0523 2500 mpsdrv - ok
21:07:18.0586 2500 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:07:18.0592 2500 MpsSvc - ok
21:07:18.0649 2500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:07:18.0650 2500 MRxDAV - ok
21:07:18.0685 2500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:07:18.0686 2500 mrxsmb - ok
21:07:18.0707 2500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:07:18.0709 2500 mrxsmb10 - ok
21:07:18.0740 2500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:07:18.0741 2500 mrxsmb20 - ok
21:07:18.0775 2500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:07:18.0776 2500 msahci - ok
21:07:18.0812 2500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:07:18.0813 2500 msdsm - ok
21:07:18.0836 2500 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:07:18.0837 2500 MSDTC - ok
21:07:18.0855 2500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:07:18.0855 2500 Msfs - ok
21:07:18.0870 2500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:07:18.0870 2500 mshidkmdf - ok
21:07:18.0885 2500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:07:18.0886 2500 msisadrv - ok
21:07:18.0906 2500 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:07:18.0908 2500 MSiSCSI - ok
21:07:18.0910 2500 msiserver - ok
21:07:18.0917 2500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:07:18.0917 2500 MSKSSRV - ok
21:07:18.0930 2500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:07:18.0930 2500 MSPCLOCK - ok
21:07:18.0940 2500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:07:18.0941 2500 MSPQM - ok
21:07:18.0981 2500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:07:18.0984 2500 MsRPC - ok
21:07:19.0036 2500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:07:19.0037 2500 mssmbios - ok
21:07:19.0046 2500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:07:19.0046 2500 MSTEE - ok
21:07:19.0060 2500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:07:19.0060 2500 MTConfig - ok
21:07:19.0081 2500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:07:19.0082 2500 Mup - ok
21:07:19.0166 2500 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
21:07:19.0167 2500 N360 - ok
21:07:19.0239 2500 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:07:19.0244 2500 napagent - ok
21:07:19.0285 2500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:07:19.0288 2500 NativeWifiP - ok
21:07:19.0424 2500 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120530.004\ENG64.SYS
21:07:19.0424 2500 NAVENG - ok
21:07:19.0523 2500 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120530.004\EX64.SYS
21:07:19.0531 2500 NAVEX15 - ok
21:07:19.0735 2500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:07:19.0743 2500 NDIS - ok
21:07:19.0780 2500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:07:19.0781 2500 NdisCap - ok
21:07:19.0783 2500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:07:19.0784 2500 NdisTapi - ok
21:07:19.0807 2500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:07:19.0808 2500 Ndisuio - ok
21:07:19.0845 2500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:07:19.0847 2500 NdisWan - ok
21:07:19.0882 2500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:07:19.0883 2500 NDProxy - ok
21:07:19.0916 2500 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
21:07:19.0917 2500 Net Driver HPZ12 - ok
21:07:19.0934 2500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:07:19.0934 2500 NetBIOS - ok
21:07:19.0983 2500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:07:19.0986 2500 NetBT - ok
21:07:20.0007 2500 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:07:20.0008 2500 Netlogon - ok
21:07:20.0050 2500 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:07:20.0054 2500 Netman - ok
21:07:20.0089 2500 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:07:20.0092 2500 netprofm - ok
21:07:20.0196 2500 netr28x (31609b481cc202bfb441e37febcdea05) C:\Windows\system32\DRIVERS\netr28x.sys
21:07:20.0211 2500 netr28x - ok
21:07:20.0280 2500 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:07:20.0282 2500 NetTcpPortSharing - ok
21:07:20.0344 2500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:07:20.0345 2500 nfrd960 - ok
21:07:20.0398 2500 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:07:20.0400 2500 NlaSvc - ok
21:07:20.0547 2500 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:07:20.0559 2500 NOBU - ok
21:07:20.0599 2500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:07:20.0600 2500 Npfs - ok
21:07:20.0617 2500 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:07:20.0618 2500 nsi - ok
21:07:20.0623 2500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:07:20.0624 2500 nsiproxy - ok
21:07:20.0725 2500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:07:20.0738 2500 Ntfs - ok
21:07:20.0768 2500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:07:20.0768 2500 Null - ok
21:07:20.0798 2500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:07:20.0799 2500 nvraid - ok
21:07:20.0837 2500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:07:20.0839 2500 nvstor - ok
21:07:20.0869 2500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:07:20.0870 2500 nv_agp - ok
21:07:20.0896 2500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:07:20.0897 2500 ohci1394 - ok
21:07:20.0933 2500 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:07:20.0934 2500 ose - ok
21:07:21.0158 2500 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:07:21.0178 2500 osppsvc - ok
21:07:21.0248 2500 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:21.0252 2500 p2pimsvc - ok
21:07:21.0291 2500 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:07:21.0295 2500 p2psvc - ok
21:07:21.0326 2500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:07:21.0327 2500 Parport - ok
21:07:21.0359 2500 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:07:21.0360 2500 partmgr - ok
21:07:21.0385 2500 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:07:21.0386 2500 PcaSvc - ok
21:07:21.0403 2500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:07:21.0404 2500 pci - ok
21:07:21.0414 2500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:07:21.0414 2500 pciide - ok
21:07:21.0433 2500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:07:21.0435 2500 pcmcia - ok
21:07:21.0449 2500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:07:21.0450 2500 pcw - ok
21:07:21.0463 2500 pdfcDispatcher - ok
21:07:21.0508 2500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:07:21.0513 2500 PEAUTH - ok
21:07:21.0584 2500 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:07:21.0585 2500 PerfHost - ok
21:07:21.0676 2500 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:07:21.0694 2500 pla - ok
21:07:21.0745 2500 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:07:21.0748 2500 PlugPlay - ok
21:07:21.0782 2500 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
21:07:21.0783 2500 Pml Driver HPZ12 - ok
21:07:21.0789 2500 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:07:21.0790 2500 PNRPAutoReg - ok
21:07:21.0806 2500 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:21.0808 2500 PNRPsvc - ok
21:07:21.0859 2500 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:07:21.0862 2500 PolicyAgent - ok
21:07:21.0907 2500 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:07:21.0908 2500 Power - ok
21:07:21.0937 2500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:21.0938 2500 PptpMiniport - ok
21:07:21.0956 2500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:07:21.0957 2500 Processor - ok
21:07:21.0986 2500 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:07:21.0988 2500 ProfSvc - ok
21:07:22.0000 2500 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:07:22.0001 2500 ProtectedStorage - ok
21:07:22.0030 2500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:07:22.0031 2500 Psched - ok
21:07:22.0114 2500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:07:22.0127 2500 ql2300 - ok
21:07:22.0172 2500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:07:22.0173 2500 ql40xx - ok
21:07:22.0199 2500 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:07:22.0201 2500 QWAVE - ok
21:07:22.0218 2500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:07:22.0219 2500 QWAVEdrv - ok
21:07:22.0293 2500 RalinkRegistryWriter (f4c083e290bcbc8da05c6e2c7f8053b9) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
21:07:22.0295 2500 RalinkRegistryWriter - ok
21:07:22.0332 2500 RalinkRegistryWriter64 (c3b515559046a89bb0e0f2ceef73cabc) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
21:07:22.0334 2500 RalinkRegistryWriter64 - ok
21:07:22.0369 2500 RaMediaServer (accfa0846d9c7bd6a9f506982b812a5c) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
21:07:22.0372 2500 RaMediaServer - ok
21:07:22.0406 2500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:22.0407 2500 RasAcd - ok
21:07:22.0418 2500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:07:22.0419 2500 RasAgileVpn - ok
21:07:22.0431 2500 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:07:22.0432 2500 RasAuto - ok
21:07:22.0458 2500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:22.0459 2500 Rasl2tp - ok
21:07:22.0581 2500 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:07:22.0585 2500 RasMan - ok
21:07:22.0594 2500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:22.0594 2500 RasPppoe - ok
21:07:22.0609 2500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:22.0610 2500 RasSstp - ok
21:07:22.0639 2500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:22.0642 2500 rdbss - ok
21:07:22.0659 2500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:07:22.0659 2500 rdpbus - ok
21:07:22.0670 2500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:22.0671 2500 RDPCDD - ok
21:07:22.0687 2500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:07:22.0687 2500 RDPENCDD - ok
21:07:22.0702 2500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:07:22.0703 2500 RDPREFMP - ok
21:07:22.0732 2500 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:07:22.0733 2500 RDPWD - ok
21:07:22.0767 2500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:07:22.0769 2500 rdyboost - ok
21:07:22.0801 2500 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:07:22.0802 2500 RemoteAccess - ok
21:07:22.0820 2500 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:07:22.0822 2500 RemoteRegistry - ok
21:07:22.0874 2500 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
21:07:22.0876 2500 RoxioNow Service - ok
21:07:22.0905 2500 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:07:22.0906 2500 RpcEptMapper - ok
21:07:22.0933 2500 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:07:22.0933 2500 RpcLocator - ok
21:07:22.0987 2500 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:07:22.0990 2500 RpcSs - ok
21:07:23.0004 2500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:23.0005 2500 rspndr - ok
21:07:23.0041 2500 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:07:23.0044 2500 RTL8167 - ok
21:07:23.0067 2500 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:07:23.0068 2500 SamSs - ok
21:07:23.0103 2500 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:07:23.0104 2500 sbp2port - ok
21:07:23.0123 2500 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:07:23.0125 2500 SCardSvr - ok
21:07:23.0161 2500 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:07:23.0161 2500 scfilter - ok
21:07:23.0237 2500 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:07:23.0245 2500 Schedule - ok
21:07:23.0271 2500 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:07:23.0271 2500 SCPolicySvc - ok
21:07:23.0308 2500 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:07:23.0310 2500 SDRSVC - ok
21:07:23.0320 2500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:07:23.0321 2500 secdrv - ok
21:07:23.0351 2500 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:07:23.0353 2500 seclogon - ok
21:07:23.0369 2500 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:07:23.0370 2500 SENS - ok
21:07:23.0387 2500 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:07:23.0389 2500 SensrSvc - ok
21:07:23.0401 2500 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:07:23.0402 2500 Serenum - ok
21:07:23.0423 2500 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:07:23.0424 2500 Serial - ok
21:07:23.0456 2500 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:07:23.0457 2500 sermouse - ok
21:07:23.0484 2500 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:07:23.0486 2500 SessionEnv - ok
21:07:23.0531 2500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:07:23.0531 2500 sffdisk - ok
21:07:23.0537 2500 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:07:23.0537 2500 sffp_mmc - ok
21:07:23.0553 2500 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:07:23.0554 2500 sffp_sd - ok
21:07:23.0567 2500 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:07:23.0568 2500 sfloppy - ok
21:07:23.0622 2500 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:07:23.0629 2500 Sftfs - ok
21:07:23.0698 2500 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:07:23.0700 2500 sftlist - ok
21:07:23.0730 2500 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:07:23.0732 2500 Sftplay - ok
21:07:23.0735 2500 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:07:23.0736 2500 Sftredir - ok
21:07:23.0746 2500 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:07:23.0747 2500 Sftvol - ok
21:07:23.0783 2500 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:07:23.0784 2500 sftvsa - ok
21:07:23.0840 2500 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:07:23.0939 2500 SharedAccess - ok
21:07:23.0991 2500 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:07:23.0993 2500 ShellHWDetection - ok
21:07:24.0013 2500 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:07:24.0013 2500 SiSRaid2 - ok
21:07:24.0034 2500 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:07:24.0034 2500 SiSRaid4 - ok
21:07:24.0061 2500 SIVDRIVER (a0fd911feea045d4a4f5154666c76ec7) C:\Windows\system32\Drivers\SIVX64.sys
21:07:24.0062 2500 SIVDRIVER - ok
21:07:24.0084 2500 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:07:24.0085 2500 Smb - ok
21:07:24.0094 2500 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:07:24.0095 2500 SNMPTRAP - ok
21:07:24.0105 2500 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:07:24.0105 2500 spldr - ok
21:07:24.0167 2500 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:07:24.0170 2500 Spooler - ok
21:07:24.0353 2500 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:07:24.0368 2500 sppsvc - ok
21:07:24.0433 2500 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:07:24.0434 2500 sppuinotify - ok
21:07:24.0525 2500 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
21:07:24.0528 2500 SRTSP - ok
21:07:24.0545 2500 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
21:07:24.0545 2500 SRTSPX - ok
21:07:24.0597 2500 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:07:24.0614 2500 srv - ok
21:07:24.0640 2500 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:07:24.0644 2500 srv2 - ok
21:07:24.0665 2500 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:07:24.0667 2500 srvnet - ok
21:07:24.0688 2500 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:07:24.0690 2500 SSDPSRV - ok
21:07:24.0702 2500 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:07:24.0704 2500 SstpSvc - ok
21:07:24.0807 2500 STacSV (bacf09a6426aa666f9bdb7d1a7bd1ba7) C:\Program Files\IDT\WDM\STacSV64.exe
21:07:24.0808 2500 STacSV - ok
21:07:24.0827 2500 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:07:24.0828 2500 stexstor - ok
21:07:24.0866 2500 STHDA (84311d693857d5ae2e397b43c91f7b41) C:\Windows\system32\DRIVERS\stwrt64.sys
21:07:24.0871 2500 STHDA - ok
21:07:24.0933 2500 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:07:24.0939 2500 stisvc - ok
21:07:24.0953 2500 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:07:24.0954 2500 swenum - ok
21:07:24.0996 2500 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:07:25.0001 2500 swprv - ok
21:07:25.0053 2500 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
21:07:25.0058 2500 SymDS - ok
21:07:25.0120 2500 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
21:07:25.0129 2500 SymEFA - ok
21:07:25.0166 2500 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:07:25.0167 2500 SymEvent - ok
21:07:25.0203 2500 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
21:07:25.0205 2500 SymIRON - ok
21:07:25.0237 2500 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
21:07:25.0241 2500 SymNetS - ok
21:07:25.0341 2500 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:07:25.0355 2500 SysMain - ok
21:07:25.0436 2500 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:07:25.0437 2500 TabletInputService - ok
21:07:25.0481 2500 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:07:25.0484 2500 TapiSrv - ok
21:07:25.0504 2500 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:07:25.0506 2500 TBS - ok
21:07:25.0618 2500 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:07:25.0633 2500 Tcpip - ok
21:07:25.0741 2500 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:07:25.0749 2500 TCPIP6 - ok
21:07:25.0810 2500 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:07:25.0810 2500 tcpipreg - ok
21:07:25.0885 2500 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:07:25.0885 2500 TDPIPE - ok
21:07:25.0914 2500 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:07:25.0914 2500 TDTCP - ok
21:07:25.0953 2500 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:07:25.0954 2500 tdx - ok
21:07:25.0966 2500 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:07:25.0966 2500 TermDD - ok
21:07:26.0027 2500 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:07:26.0035 2500 TermService - ok
21:07:26.0044 2500 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:07:26.0045 2500 Themes - ok
21:07:26.0069 2500 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:07:26.0070 2500 THREADORDER - ok
21:07:26.0089 2500 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:07:26.0091 2500 TrkWks - ok
21:07:26.0128 2500 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:07:26.0129 2500 TrustedInstaller - ok
21:07:26.0152 2500 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:07:26.0152 2500 tssecsrv - ok
21:07:26.0171 2500 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:07:26.0172 2500 TsUsbFlt - ok
21:07:26.0204 2500 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:07:26.0205 2500 tunnel - ok
21:07:26.0226 2500 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:07:26.0226 2500 uagp35 - ok
21:07:26.0262 2500 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:07:26.0265 2500 udfs - ok
21:07:26.0297 2500 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:07:26.0299 2500 UI0Detect - ok
21:07:26.0317 2500 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:07:26.0318 2500 uliagpkx - ok
21:07:26.0355 2500 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:07:26.0355 2500 umbus - ok
21:07:26.0371 2500 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:07:26.0371 2500 UmPass - ok
21:07:26.0572 2500 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:07:26.0584 2500 UNS - ok
21:07:26.0641 2500 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:07:26.0644 2500 upnphost - ok
21:07:26.0684 2500 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:07:26.0685 2500 usbaudio - ok
21:07:26.0717 2500 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:07:26.0718 2500 usbccgp - ok
21:07:26.0758 2500 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:07:26.0758 2500 usbcir - ok
21:07:26.0795 2500 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:07:26.0796 2500 usbehci - ok
21:07:26.0826 2500 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:07:26.0829 2500 usbhub - ok
21:07:26.0846 2500 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:07:26.0846 2500 usbohci - ok
21:07:26.0862 2500 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:07:26.0862 2500 usbprint - ok
21:07:26.0875 2500 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:07:26.0876 2500 usbscan - ok
21:07:26.0898 2500 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:07:26.0899 2500 USBSTOR - ok
21:07:26.0911 2500 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:07:26.0912 2500 usbuhci - ok
21:07:26.0929 2500 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:07:26.0930 2500 UxSms - ok
21:07:26.0955 2500 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:07:26.0955 2500 VaultSvc - ok
21:07:26.0961 2500 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:07:26.0961 2500 vdrvroot - ok
21:07:27.0015 2500 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:07:27.0027 2500 vds - ok
21:07:27.0044 2500 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:07:27.0044 2500 vga - ok
21:07:27.0053 2500 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:07:27.0053 2500 VgaSave - ok
21:07:27.0102 2500 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:07:27.0104 2500 vhdmp - ok
21:07:27.0124 2500 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:07:27.0125 2500 viaide - ok
21:07:27.0139 2500 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:07:27.0140 2500 volmgr - ok
21:07:27.0192 2500 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:07:27.0195 2500 volmgrx - ok
21:07:27.0217 2500 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:07:27.0218 2500 volsnap - ok
21:07:27.0235 2500 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:07:27.0237 2500 vsmraid - ok
21:07:27.0338 2500 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:07:27.0346 2500 VSS - ok
21:07:27.0390 2500 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:07:27.0390 2500 vwifibus - ok
21:07:27.0402 2500 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:07:27.0403 2500 vwififlt - ok
21:07:27.0419 2500 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:07:27.0419 2500 vwifimp - ok
21:07:27.0454 2500 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:07:27.0458 2500 W32Time - ok
21:07:27.0485 2500 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:07:27.0486 2500 WacomPen - ok
21:07:27.0499 2500 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:27.0500 2500 WANARP - ok
21:07:27.0501 2500 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:27.0502 2500 Wanarpv6 - ok
21:07:27.0606 2500 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:07:27.0616 2500 WatAdminSvc - ok
21:07:27.0711 2500 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:07:27.0726 2500 wbengine - ok
21:07:27.0769 2500 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:07:27.0772 2500 WbioSrvc - ok
21:07:27.0818 2500 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:07:27.0821 2500 wcncsvc - ok
21:07:27.0839 2500 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:07:27.0840 2500 WcsPlugInService - ok
21:07:27.0863 2500 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:07:27.0863 2500 Wd - ok
21:07:27.0907 2500 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:07:27.0912 2500 Wdf01000 - ok
21:07:27.0928 2500 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:07:27.0930 2500 WdiServiceHost - ok
21:07:27.0931 2500 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:07:27.0933 2500 WdiSystemHost - ok
21:07:27.0967 2500 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:07:27.0970 2500 WebClient - ok
21:07:27.0993 2500 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:07:27.0996 2500 Wecsvc - ok
21:07:28.0002 2500 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:07:28.0004 2500 wercplsupport - ok
21:07:28.0016 2500 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:07:28.0018 2500 WerSvc - ok
21:07:28.0031 2500 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:07:28.0031 2500 WfpLwf - ok
21:07:28.0041 2500 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:07:28.0041 2500 WIMMount - ok
21:07:28.0061 2500 WinDefend - ok
21:07:28.0064 2500 WinHttpAutoProxySvc - ok
21:07:28.0112 2500 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:07:28.0113 2500 Winmgmt - ok
21:07:28.0211 2500 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:07:28.0228 2500 WinRM - ok
21:07:28.0308 2500 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:07:28.0315 2500 Wlansvc - ok
21:07:28.0482 2500 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:07:28.0492 2500 wlidsvc - ok
21:07:28.0543 2500 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:07:28.0543 2500 WmiAcpi - ok
21:07:28.0564 2500 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:07:28.0566 2500 wmiApSrv - ok
21:07:28.0569 2500 WMPNetworkSvc - ok
21:07:28.0582 2500 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:07:28.0584 2500 WPCSvc - ok
21:07:28.0598 2500 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:07:28.0600 2500 WPDBusEnum - ok
21:07:28.0610 2500 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:07:28.0611 2500 ws2ifsl - ok
21:07:28.0622 2500 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:07:28.0624 2500 wscsvc - ok
21:07:28.0625 2500 WSearch - ok
21:07:28.0744 2500 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:07:28.0790 2500 wuauserv - ok
21:07:28.0856 2500 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:07:28.0858 2500 WudfPf - ok
21:07:28.0877 2500 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:07:28.0879 2500 WUDFRd - ok
21:07:28.0913 2500 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:07:28.0915 2500 wudfsvc - ok
21:07:28.0934 2500 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:07:28.0937 2500 WwanSvc - ok
21:07:28.0963 2500 MBR (0x1B8) (a86e52eb6bd5e46f19658668977e3f48) \Device\Harddisk0\DR0
21:07:29.0165 2500 \Device\Harddisk0\DR0 - ok
21:07:29.0167 2500 Boot (0x1200) (7ecb92f440c113d5d7f0d7121c2530f3) \Device\Harddisk0\DR0\Partition0
21:07:29.0168 2500 \Device\Harddisk0\DR0\Partition0 - ok
21:07:29.0199 2500 Boot (0x1200) (9a56b4ce6f5e3ec03714cfac3b31cf65) \Device\Harddisk0\DR0\Partition1
21:07:29.0200 2500 \Device\Harddisk0\DR0\Partition1 - ok
21:07:29.0230 2500 Boot (0x1200) (613f48b9c4cfd9b15255e47be82174e2) \Device\Harddisk0\DR0\Partition2
21:07:29.0231 2500 \Device\Harddisk0\DR0\Partition2 - ok
21:07:29.0231 2500 ============================================================
21:07:29.0231 2500 Scan finished
21:07:29.0231 2500 ============================================================
21:07:29.0237 6164 Detected object count: 0
21:07:29.0237 6164 Actual detected object count: 0
21:10:41.0735 6028 ============================================================
21:10:41.0735 6028 Scan started
21:10:41.0735 6028 Mode: Manual; SigCheck; TDLFS;
21:10:41.0735 6028 ============================================================
21:10:42.0200 6028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:10:42.0268 6028 1394ohci - ok
21:10:42.0352 6028 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:10:42.0369 6028 ACDaemon - ok
21:10:42.0418 6028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:10:42.0429 6028 ACPI - ok
21:10:42.0464 6028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:10:42.0498 6028 AcpiPmi - ok
21:10:42.0570 6028 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:10:42.0576 6028 AdobeARMservice - ok
21:10:42.0683 6028 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:10:42.0692 6028 AdobeFlashPlayerUpdateSvc - ok
21:10:42.0754 6028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:10:42.0767 6028 adp94xx - ok
21:10:42.0835 6028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:10:42.0846 6028 adpahci - ok
21:10:42.0861 6028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:10:42.0870 6028 adpu320 - ok
21:10:42.0891 6028 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:10:43.0004 6028 AeLookupSvc - ok
21:10:43.0089 6028 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
21:10:43.0201 6028 AESTFilters - ok
21:10:43.0248 6028 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:10:43.0295 6028 AFD - ok
21:10:43.0325 6028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:10:43.0333 6028 agp440 - ok
21:10:43.0350 6028 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:10:43.0377 6028 ALG - ok
21:10:43.0391 6028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:10:43.0398 6028 aliide - ok
21:10:43.0432 6028 AMD External Events Utility (a592ca3ec9a5af7f74d5169d556b976f) C:\Windows\system32\atiesrxx.exe
21:10:43.0464 6028 AMD External Events Utility - ok
21:10:43.0477 6028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:10:43.0485 6028 amdide - ok
21:10:43.0503 6028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:10:43.0539 6028 AmdK8 - ok
21:10:43.0907 6028 amdkmdag (1512ceedc3657082f396a0818528b5e8) C:\Windows\system32\DRIVERS\atikmdag.sys
21:10:44.0013 6028 amdkmdag - ok
21:10:44.0131 6028 amdkmdap (3d00276750e2d6f35228e12868cf1a46) C:\Windows\system32\DRIVERS\atikmpag.sys
21:10:44.0162 6028 amdkmdap - ok
21:10:44.0183 6028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:10:44.0218 6028 AmdPPM - ok
21:10:44.0242 6028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:10:44.0250 6028 amdsata - ok
21:10:44.0277 6028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:10:44.0287 6028 amdsbs - ok
21:10:44.0302 6028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:10:44.0310 6028 amdxata - ok
21:10:44.0331 6028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:10:44.0363 6028 AppID - ok
21:10:44.0385 6028 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:10:44.0420 6028 AppIDSvc - ok
21:10:44.0452 6028 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:10:44.0492 6028 Appinfo - ok
21:10:44.0509 6028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:10:44.0517 6028 arc - ok
21:10:44.0530 6028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:10:44.0538 6028 arcsas - ok
21:10:44.0553 6028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:10:44.0606 6028 AsyncMac - ok
21:10:44.0625 6028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:10:44.0633 6028 atapi - ok
21:10:44.0678 6028 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
21:10:44.0687 6028 AtiHDAudioService - ok
21:10:44.0752 6028 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:10:44.0806 6028 AudioEndpointBuilder - ok
21:10:44.0810 6028 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:10:44.0839 6028 AudioSrv - ok
21:10:44.0864 6028 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:10:44.0931 6028 AxInstSV - ok
21:10:44.0961 6028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:10:44.0990 6028 b06bdrv - ok
21:10:45.0020 6028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:10:45.0055 6028 b57nd60a - ok
21:10:45.0078 6028 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:10:45.0101 6028 BDESVC - ok
21:10:45.0120 6028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:10:45.0158 6028 Beep - ok
21:10:45.0214 6028 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:10:45.0252 6028 BFE - ok
21:10:45.0459 6028 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120517.001\BHDrvx64.sys
21:10:45.0477 6028 BHDrvx64 - ok
21:10:45.0604 6028 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:10:45.0634 6028 BITS - ok
21:10:45.0655 6028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:10:45.0681 6028 blbdrive - ok
21:10:45.0702 6028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:10:45.0727 6028 bowser - ok
21:10:45.0741 6028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:10:45.0766 6028 BrFiltLo - ok
21:10:45.0776 6028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:10:45.0786 6028 BrFiltUp - ok
21:10:45.0829 6028 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:10:45.0865 6028 Browser - ok
21:10:45.0898 6028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:10:45.0919 6028 Brserid - ok
21:10:45.0938 6028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:10:45.0958 6028 BrSerWdm - ok
21:10:46.0002 6028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:10:46.0013 6028 BrUsbMdm - ok
21:10:46.0023 6028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:10:46.0031 6028 BrUsbSer - ok
21:10:46.0042 6028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:10:46.0053 6028 BTHMODEM - ok
21:10:46.0068 6028 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:10:46.0093 6028 bthserv - ok
21:10:46.0159 6028 CamDrL64 (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
21:10:46.0176 6028 CamDrL64 - ok
21:10:46.0249 6028 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
21:10:46.0257 6028 ccSet_N360 - ok
21:10:46.0273 6028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:10:46.0307 6028 cdfs - ok
21:10:46.0347 6028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:10:46.0364 6028 cdrom - ok
21:10:46.0390 6028 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:10:46.0432 6028 CertPropSvc - ok
21:10:46.0446 6028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:10:46.0457 6028 circlass - ok
21:10:46.0489 6028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:10:46.0500 6028 CLFS - ok
21:10:46.0591 6028 CLKMSVC10_C6F09094 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
21:10:46.0599 6028 CLKMSVC10_C6F09094 - ok
21:10:46.0667 6028 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:10:46.0674 6028 clr_optimization_v2.0.50727_32 - ok
21:10:46.0715 6028 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:10:46.0722 6028 clr_optimization_v2.0.50727_64 - ok
21:10:46.0779 6028 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:10:46.0786 6028 clr_optimization_v4.0.30319_32 - ok
21:10:46.0821 6028 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:10:46.0828 6028 clr_optimization_v4.0.30319_64 - ok
21:10:46.0896 6028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:10:46.0922 6028 CmBatt - ok
21:10:46.0944 6028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:10:46.0951 6028 cmdide - ok
21:10:47.0003 6028 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:10:47.0020 6028 CNG - ok
21:10:47.0029 6028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:10:47.0037 6028 Compbatt - ok
21:10:47.0063 6028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:10:47.0093 6028 CompositeBus - ok
21:10:47.0094 6028 COMSysApp - ok
21:10:47.0119 6028 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys
21:10:47.0126 6028 CpqDfw - ok
21:10:47.0137 6028 cqcpu (10fb0ff62af6262bf88e3607e2ae2a69) C:\Windows\system32\drivers\cqcpu.sys
21:10:47.0143 6028 cqcpu - ok
21:10:47.0161 6028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:10:47.0168 6028 crcdisk - ok
21:10:47.0210 6028 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:10:47.0244 6028 CryptSvc - ok
21:10:47.0340 6028 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:10:47.0356 6028 cvhsvc - ok
21:10:47.0402 6028 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:10:47.0443 6028 DcomLaunch - ok
21:10:47.0484 6028 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:10:47.0525 6028 defragsvc - ok
21:10:47.0556 6028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:10:47.0591 6028 DfsC - ok
21:10:47.0637 6028 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:10:47.0677 6028 Dhcp - ok
21:10:47.0688 6028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:10:47.0723 6028 discache - ok
21:10:47.0742 6028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:10:47.0750 6028 Disk - ok
21:10:47.0779 6028 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:10:47.0797 6028 Dnscache - ok
21:10:47.0839 6028 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:10:47.0865 6028 dot3svc - ok
21:10:47.0883 6028 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
21:10:47.0901 6028 Dot4 - ok
21:10:47.0928 6028 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
21:10:47.0955 6028 Dot4Print - ok
21:10:47.0968 6028 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
21:10:47.0979 6028 dot4usb - ok
21:10:48.0009 6028 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:10:48.0048 6028 DPS - ok
21:10:48.0062 6028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:10:48.0091 6028 drmkaud - ok
21:10:48.0153 6028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:10:48.0171 6028 DXGKrnl - ok
21:10:48.0202 6028 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:10:48.0228 6028 EapHost - ok
21:10:48.0367 6028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:10:48.0400 6028 ebdrv - ok
21:10:48.0452 6028 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:10:48.0463 6028 eeCtrl - ok
21:10:48.0539 6028 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:10:48.0565 6028 EFS - ok
21:10:48.0635 6028 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:10:48.0668 6028 ehRecvr - ok
21:10:48.0707 6028 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:10:48.0716 6028 ehSched - ok
21:10:48.0756 6028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:10:48.0769 6028 elxstor - ok
21:10:48.0802 6028 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:10:48.0809 6028 EraserUtilRebootDrv - ok
21:10:48.0842 6028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:10:48.0866 6028 ErrDev - ok
21:10:48.0898 6028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:10:48.0926 6028 EventSystem - ok
21:10:48.0951 6028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:10:48.0987 6028 exfat - ok
21:10:49.0008 6028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:10:49.0034 6028 fastfat - ok
21:10:49.0091 6028 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:10:49.0115 6028 Fax - ok
21:10:49.0136 6028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:10:49.0144 6028 fdc - ok
21:10:49.0147 6028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:10:49.0172 6028 fdPHost - ok
21:10:49.0189 6028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:10:49.0213 6028 FDResPub - ok
21:10:49.0232 6028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:10:49.0240 6028 FileInfo - ok
21:10:49.0248 6028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:10:49.0291 6028 Filetrace - ok
21:10:49.0354 6028 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
21:10:49.0364 6028 FlipShare Service - ok
21:10:49.0438 6028 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
21:10:49.0458 6028 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
21:10:49.0458 6028 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
21:10:49.0513 6028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:10:49.0521 6028 flpydisk - ok
21:10:49.0566 6028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:10:49.0576 6028 FltMgr - ok
21:10:49.0643 6028 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:10:49.0660 6028 FontCache - ok
21:10:49.0709 6028 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:10:49.0715 6028 FontCache3.0.0.0 - ok
21:10:49.0737 6028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:10:49.0745 6028 FsDepends - ok
21:10:49.0773 6028 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:10:49.0781 6028 Fs_Rec - ok
21:10:49.0826 6028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:10:49.0838 6028 fvevol - ok
21:10:49.0859 6028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:10:49.0867 6028 gagp30kx - ok
21:10:49.0916 6028 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:10:49.0924 6028 GamesAppService - ok
21:10:49.0985 6028 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:10:50.0024 6028 gpsvc - ok
21:10:50.0084 6028 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:10:50.0092 6028 gupdate - ok
21:10:50.0093 6028 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:10:50.0100 6028 gupdatem - ok
21:10:50.0128 6028 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:10:50.0136 6028 gusvc - ok
21:10:50.0150 6028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:10:50.0170 6028 hcw85cir - ok
21:10:50.0206 6028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:10:50.0227 6028 HdAudAddService - ok
21:10:50.0261 6028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:10:50.0283 6028 HDAudBus - ok
21:10:50.0304 6028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:10:50.0313 6028 HidBatt - ok
21:10:50.0327 6028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:10:50.0353 6028 HidBth - ok
21:10:50.0370 6028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:10:50.0392 6028 HidIr - ok
21:10:50.0404 6028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:10:50.0444 6028 hidserv - ok
21:10:50.0460 6028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:10:50.0468 6028 HidUsb - ok
21:10:50.0498 6028 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:10:50.0547 6028 hkmsvc - ok
21:10:50.0583 6028 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:10:50.0593 6028 HomeGroupListener - ok
21:10:50.0606 6028 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:10:50.0630 6028 HomeGroupProvider - ok
21:10:50.0701 6028 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:10:50.0708 6028 HP Support Assistant Service - ok
21:10:50.0773 6028 HPAuto (da075126f867727810ee9b98b3041c4c) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
21:10:50.0786 6028 HPAuto - ok
21:10:50.0821 6028 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:10:50.0830 6028 HPClientSvc - ok
21:10:50.0866 6028 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:10:50.0872 6028 HPDrvMntSvc.exe - ok
21:10:50.0927 6028 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:10:50.0941 6028 hpqwmiex - ok
21:10:51.0033 6028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:10:51.0041 6028 HpSAMD - ok
21:10:51.0096 6028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:10:51.0141 6028 HTTP - ok
21:10:51.0156 6028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:10:51.0163 6028 hwpolicy - ok
21:10:51.0200 6028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:10:51.0209 6028 i8042prt - ok
21:10:51.0259 6028 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:10:51.0270 6028 iaStor - ok
21:10:51.0318 6028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:10:51.0329 6028 iaStorV - ok
21:10:51.0429 6028 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:10:51.0444 6028 idsvc - ok
21:10:51.0597 6028 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120530.001\IDSvia64.sys
21:10:51.0608 6028 IDSVia64 - ok
21:10:51.0673 6028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:10:51.0681 6028 iirsp - ok
21:10:51.0735 6028 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:10:51.0766 6028 IKEEXT - ok
21:10:51.0778 6028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:10:51.0785 6028 intelide - ok
21:10:51.0789 6028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:10:51.0815 6028 intelppm - ok
21:10:51.0849 6028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:10:51.0874 6028 IPBusEnum - ok
21:10:51.0907 6028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:10:51.0943 6028 IpFilterDriver - ok
21:10:52.0000 6028 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:10:52.0045 6028 iphlpsvc - ok
21:10:52.0066 6028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:10:52.0084 6028 IPMIDRV - ok
21:10:52.0110 6028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:10:52.0149 6028 IPNAT - ok
21:10:52.0168 6028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:10:52.0180 6028 IRENUM - ok
21:10:52.0213 6028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:10:52.0221 6028 isapnp - ok
21:10:52.0251 6028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:10:52.0261 6028 iScsiPrt - ok
21:10:52.0288 6028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:10:52.0296 6028 kbdclass - ok
21:10:52.0305 6028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:10:52.0321 6028 kbdhid - ok
21:10:52.0354 6028 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:10:52.0363 6028 KeyIso - ok
21:10:52.0381 6028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:10:52.0389 6028 KSecDD - ok
21:10:52.0402 6028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:10:52.0411 6028 KSecPkg - ok
21:10:52.0425 6028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:10:52.0449 6028 ksthunk - ok
21:10:52.0491 6028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:10:52.0528 6028 KtmRm - ok
21:10:52.0561 6028 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:10:52.0588 6028 LanmanServer - ok
21:10:52.0631 6028 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:10:52.0657 6028 LanmanWorkstation - ok
21:10:52.0659 6028 libusb0 - ok
21:10:52.0756 6028 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:10:52.0759 6028 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:10:52.0760 6028 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:10:52.0779 6028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:10:52.0804 6028 lltdio - ok
21:10:52.0875 6028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:10:52.0903 6028 lltdsvc - ok
21:10:52.0906 6028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:10:52.0931 6028 lmhosts - ok
21:10:52.0979 6028 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:10:52.0989 6028 LMS - ok
21:10:53.0009 6028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:10:53.0017 6028 LSI_FC - ok
21:10:53.0028 6028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:10:53.0036 6028 LSI_SAS - ok
21:10:53.0047 6028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:10:53.0055 6028 LSI_SAS2 - ok
21:10:53.0070 6028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:10:53.0078 6028 LSI_SCSI - ok
21:10:53.0116 6028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:10:53.0142 6028 luafv - ok
21:10:53.0178 6028 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:10:53.0185 6028 LVPr2M64 - ok
21:10:53.0186 6028 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:10:53.0192 6028 LVPr2Mon - ok
21:10:53.0262 6028 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:10:53.0270 6028 LVPrcS64 - ok
21:10:53.0284 6028 LVUSBS64 (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\drivers\LVUSBS64.sys
21:10:53.0290 6028 LVUSBS64 - ok
21:10:53.0340 6028 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:10:53.0349 6028 Mcx2Svc - ok
21:10:53.0365 6028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:10:53.0372 6028 megasas - ok
21:10:53.0397 6028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:10:53.0408 6028 MegaSR - ok
21:10:53.0445 6028 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:10:53.0452 6028 MEIx64 - ok
21:10:53.0461 6028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:10:53.0501 6028 MMCSS - ok
21:10:53.0520 6028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:10:53.0552 6028 Modem - ok
21:10:53.0577 6028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:10:53.0599 6028 monitor - ok
21:10:53.0621 6028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:10:53.0629 6028 mouclass - ok
21:10:53.0645 6028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:10:53.0654 6028 mouhid - ok
21:10:53.0681 6028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:10:53.0690 6028 mountmgr - ok
21:10:53.0721 6028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:10:53.0730 6028 mpio - ok
21:10:53.0749 6028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:10:53.0773 6028 mpsdrv - ok
21:10:53.0836 6028 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:10:53.0867 6028 MpsSvc - ok
21:10:53.0900 6028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:10:53.0926 6028 MRxDAV - ok
21:10:53.0959 6028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:10:53.0982 6028 mrxsmb - ok
21:10:54.0008 6028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:10:54.0037 6028 mrxsmb10 - ok
21:10:54.0063 6028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:10:54.0071 6028 mrxsmb20 - ok
21:10:54.0098 6028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:10:54.0106 6028 msahci - ok
21:10:54.0134 6028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:10:54.0143 6028 msdsm - ok
21:10:54.0171 6028 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:10:54.0193 6028 MSDTC - ok
21:10:54.0213 6028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:10:54.0238 6028 Msfs - ok
21:10:54.0264 6028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:10:54.0301 6028 mshidkmdf - ok
21:10:54.0303 6028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:10:54.0311 6028 msisadrv - ok
21:10:54.0349 6028 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:10:54.0375 6028 MSiSCSI - ok
21:10:54.0377 6028 msiserver - ok
21:10:54.0396 6028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:10:54.0420 6028 MSKSSRV - ok
21:10:54.0433 6028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:10:54.0467 6028 MSPCLOCK - ok
21:10:54.0479 6028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:10:54.0518 6028 MSPQM - ok
21:10:54.0555 6028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:10:54.0566 6028 MsRPC - ok
21:10:54.0587 6028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:10:54.0594 6028 mssmbios - ok
21:10:54.0608 6028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:10:54.0646 6028 MSTEE - ok
21:10:54.0659 6028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:10:54.0667 6028 MTConfig - ok
21:10:54.0680 6028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:10:54.0687 6028 Mup - ok
21:10:54.0777 6028 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
21:10:54.0784 6028 N360 - ok
21:10:54.0834 6028 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:10:54.0870 6028 napagent - ok
21:10:54.0907 6028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:10:54.0937 6028 NativeWifiP - ok
21:10:55.0094 6028 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120530.004\ENG64.SYS
21:10:55.0101 6028 NAVENG - ok
21:10:55.0196 6028 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120530.004\EX64.SYS
21:10:55.0224 6028 NAVEX15 - ok
21:10:55.0369 6028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:10:55.0386 6028 NDIS - ok
21:10:55.0403 6028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:10:55.0428 6028 NdisCap - ok
21:10:55.0446 6028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:10:55.0482 6028 NdisTapi - ok
21:10:55.0513 6028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:10:55.0537 6028 Ndisuio - ok
21:10:55.0575 6028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:10:55.0611 6028 NdisWan - ok
21:10:55.0649 6028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:10:55.0673 6028 NDProxy - ok
21:10:55.0707 6028 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
21:10:55.0710 6028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:10:55.0710 6028 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:10:55.0724 6028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:10:55.0767 6028 NetBIOS - ok
21:10:55.0810 6028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:10:55.0836 6028 NetBT - ok
21:10:55.0847 6028 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:10:55.0855 6028 Netlogon - ok
21:10:55.0901 6028 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:10:55.0943 6028 Netman - ok
21:10:55.0976 6028 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:10:56.0005 6028 netprofm - ok
21:10:56.0106 6028 netr28x (31609b481cc202bfb441e37febcdea05) C:\Windows\system32\DRIVERS\netr28x.sys
21:10:56.0131 6028 netr28x - ok
21:10:56.0216 6028 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:10:56.0223 6028 NetTcpPortSharing - ok
21:10:56.0279 6028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:10:56.0287 6028 nfrd960 - ok
21:10:56.0320 6028 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:10:56.0362 6028 NlaSvc - ok
21:10:56.0518 6028 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:10:56.0554 6028 NOBU - ok
21:10:56.0594 6028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:10:56.0618 6028 Npfs - ok
21:10:56.0624 6028 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:10:56.0648 6028 nsi - ok
21:10:56.0654 6028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:10:56.0678 6028 nsiproxy - ok
21:10:56.0774 6028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:10:56.0799 6028 Ntfs - ok
21:10:56.0853 6028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:10:56.0893 6028 Null - ok
21:10:56.0927 6028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:10:56.0936 6028 nvraid - ok
21:10:56.0952 6028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:10:56.0961 6028 nvstor - ok
21:10:56.0996 6028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:10:57.0004 6028 nv_agp - ok
21:10:57.0035 6028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:10:57.0044 6028 ohci1394 - ok
21:10:57.0097 6028 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:10:57.0105 6028 ose - ok
21:10:57.0333 6028 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:10:57.0392 6028 osppsvc - ok
21:10:57.0460 6028 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:10:57.0479 6028 p2pimsvc - ok
21:10:57.0513 6028 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:10:57.0525 6028 p2psvc - ok
21:10:57.0549 6028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:10:57.0575 6028 Parport - ok
21:10:57.0606 6028 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:10:57.0614 6028 partmgr - ok
21:10:57.0632 6028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:10:57.0659 6028 PcaSvc - ok
21:10:57.0686 6028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:10:57.0696 6028 pci - ok
21:10:57.0708 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:10:57.0716 6028 pciide - ok
21:10:57.0739 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:10:57.0749 6028 pcmcia - ok
21:10:57.0767 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:10:57.0774 6028 pcw - ok
21:10:57.0793 6028 pdfcDispatcher - ok
21:10:57.0839 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:10:57.0884 6028 PEAUTH - ok
21:10:57.0952 6028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:10:57.0974 6028 PerfHost - ok
21:10:58.0066 6028 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:10:58.0101 6028 pla - ok
21:10:58.0148 6028 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:10:58.0160 6028 PlugPlay - ok
21:10:58.0186 6028 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
21:10:58.0203 6028 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:10:58.0203 6028 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:10:58.0217 6028 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:10:58.0239 6028 PNRPAutoReg - ok
21:10:58.0254 6028 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:10:58.0265 6028 PNRPsvc - ok
21:10:58.0312 6028 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:10:58.0340 6028 PolicyAgent - ok
21:10:58.0371 6028 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:10:58.0411 6028 Power - ok
21:10:58.0436 6028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:10:58.0462 6028 PptpMiniport - ok
21:10:58.0479 6028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:10:58.0498 6028 Processor - ok
21:10:58.0521 6028 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:10:58.0562 6028 ProfSvc - ok
21:10:58.0594 6028 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:10:58.0602 6028 ProtectedStorage - ok
21:10:58.0639 6028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:10:58.0664 6028 Psched - ok
21:10:58.0745 6028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:10:58.0769 6028 ql2300 - ok
21:10:58.0840 6028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:10:58.0848 6028 ql40xx - ok
21:10:58.0879 6028 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:10:58.0912 6028 QWAVE - ok
21:10:58.0935 6028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:10:58.0961 6028 QWAVEdrv - ok
21:10:59.0021 6028 RalinkRegistryWriter (f4c083e290bcbc8da05c6e2c7f8053b9) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
21:10:59.0042 6028 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning
21:10:59.0042 6028 RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1)
21:10:59.0083 6028 RalinkRegistryWriter64 (c3b515559046a89bb0e0f2ceef73cabc) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
21:10:59.0090 6028 RalinkRegistryWriter64 ( UnsignedFile.Multi.Generic ) - warning
21:10:59.0090 6028 RalinkRegistryWriter64 - detected UnsignedFile.Multi.Generic (1)
21:10:59.0133 6028 RaMediaServer (accfa0846d9c7bd6a9f506982b812a5c) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
21:10:59.0146 6028 RaMediaServer - ok
21:10:59.0182 6028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:10:59.0207 6028 RasAcd - ok
21:10:59.0242 6028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:10:59.0283 6028 RasAgileVpn - ok
21:10:59.0303 6028 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:10:59.0329 6028 RasAuto - ok
21:10:59.0336 6028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:10:59.0360 6028 Rasl2tp - ok
21:10:59.0404 6028 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:10:59.0440 6028 RasMan - ok
21:10:59.0466 6028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:10:59.0498 6028 RasPppoe - ok
21:10:59.0504 6028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:10:59.0529 6028 RasSstp - ok
21:10:59.0558 6028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:10:59.0595 6028 rdbss - ok
21:10:59.0615 6028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:10:59.0636 6028 rdpbus - ok
21:10:59.0650 6028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:10:59.0693 6028 RDPCDD - ok
21:10:59.0714 6028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:10:59.0752 6028 RDPENCDD - ok
21:10:59.0766 6028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:10:59.0790 6028 RDPREFMP - ok
21:10:59.0818 6028 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:10:59.0847 6028 RDPWD - ok
21:10:59.0879 6028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:10:59.0889 6028 rdyboost - ok
21:10:59.0913 6028 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:10:59.0948 6028 RemoteAccess - ok
21:10:59.0968 6028 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:11:00.0005 6028 RemoteRegistry - ok
21:11:00.0059 6028 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
21:11:00.0069 6028 RoxioNow Service - ok
21:11:00.0100 6028 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:11:00.0127 6028 RpcEptMapper - ok
21:11:00.0152 6028 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:11:00.0170 6028 RpcLocator - ok
21:11:00.0216 6028 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:11:00.0244 6028 RpcSs - ok
21:11:00.0260 6028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:11:00.0284 6028 rspndr - ok
21:11:00.0318 6028 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:11:00.0328 6028 RTL8167 - ok
21:11:00.0347 6028 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:11:00.0355 6028 SamSs - ok
21:11:00.0395 6028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:11:00.0404 6028 sbp2port - ok
21:11:00.0424 6028 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:11:00.0450 6028 SCardSvr - ok
21:11:00.0488 6028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:11:00.0522 6028 scfilter - ok
21:11:00.0596 6028 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:11:00.0639 6028 Schedule - ok
21:11:00.0670 6028 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:11:00.0695 6028 SCPolicySvc - ok
21:11:00.0732 6028 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:11:00.0754 6028 SDRSVC - ok
21:11:00.0768 6028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:11:00.0792 6028 secdrv - ok
21:11:00.0823 6028 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:11:00.0866 6028 seclogon - ok
21:11:00.0889 6028 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:11:00.0915 6028 SENS - ok
21:11:00.0931 6028 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:11:00.0940 6028 SensrSvc - ok
21:11:00.0957 6028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:11:00.0981 6028 Serenum - ok
21:11:01.0003 6028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:11:01.0012 6028 Serial - ok
21:11:01.0036 6028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:11:01.0061 6028 sermouse - ok
21:11:01.0086 6028 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-04 14:16:13
-----------------------------
14:16:13.416 OS Version: Windows x64 6.1.7601 Service Pack 1
14:16:13.416 Number of processors: 4 586 0x2A07
14:16:13.416 ComputerName: PATRICK-HP UserName: Patrick
14:16:14.742 Initialize success
14:16:24.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:16:24.861 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
14:16:24.871 Disk 0 MBR read successfully
14:16:24.873 Disk 0 MBR scan
14:16:24.874 Disk 0 unknown MBR code
14:16:24.880 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:16:24.890 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1417447 MB offset 206848
14:16:24.920 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13250 MB offset 2903138304
14:16:24.962 Disk 0 scanning C:\Windows\system32\drivers
14:16:31.052 Service scanning
14:16:43.395 Modules scanning
14:16:43.396 Disk 0 trace - called modules:
14:16:43.410 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:16:43.410 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800967c060]
14:16:43.410 3 CLASSPNP.SYS[fffff88001d8243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80083d3050]
14:16:43.412 Scan finished successfully
14:46:50.164 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
14:46:50.168 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"

#8
Gammo

Posted 04 June 2012 - 01:26 PM

Member 2k

Malware Removal
2,299 posts

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTC to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.

A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool: