google redirect virus


Hello andersns and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

Vuze

Vuze Remote Toolbar

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log

Link to post
Share on other sites
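
A TDSSKiller report like the one requested in Step 2 runs to hundreds of lines, nearly all of them "ok", so it helps to pull out only the objects that got a non-ok verdict before reading it. The script below is an added example, not part of the original post and not Kaspersky's code; `parse_tdsskiller` and `triage` are hypothetical names, the sample lines are constructed, and the line layout (time, thread id, then either "name (md5) path" or a verdict) is assumed from reports written by this version of the tool.

```python
import re
from collections import Counter

# Constructed sample in the report's line layout: "time thread-id text".
# Names, hashes, paths and the non-"warning" severity word are made up;
# the blank line mimics what forum pasting does to a report.
SAMPLE_LOG = r"""
12:00:00.0100 1408 Scan started
12:00:00.0100 1408 Mode: Manual; SigCheck; TDLFS;

12:00:01.0011 1408 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\exampledrv.sys
12:00:01.0120 1408 exampledrv - ok
12:00:01.0200 1408 Example Vendor Service (fedcba9876543210fedcba9876543210) C:\Program Files (x86)\Example\svc.dll
12:00:01.0230 1408 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
12:00:01.0230 1408 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
12:00:01.0300 1408 NoFileSvc - ok
12:00:01.0400 1408 baddrv (00112233445566778899AABBCCDDEEFF) C:\Windows\system32\drivers\baddrv.sys
12:00:01.0450 1408 baddrv ( Example.Detection.Name ) - infected
12:00:01.0450 1408 baddrv - detected Example.Detection.Name (0)
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3,4}\s+\S+\s+(?P<body>.+)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<detection>\S+) \) - (?P<severity>\w+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")


def parse_tdsskiller(text):
    """Return one record per scanned object that received a verdict."""
    seen = {}      # object name -> (md5, path) from its most recent object line
    records = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                      # blank line or non-log text
        body = line["body"]
        obj = OBJECT.match(body)
        if obj:
            seen[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        verdict = VERDICT.match(body)
        hit = verdict or OK.match(body)
        if not hit:
            continue                      # headers and "detected" echo lines
        # Some objects are reported without a file line; md5/path stay None.
        md5, path = seen.pop(hit["name"], (None, None))
        records.append({
            "name": hit["name"],
            "md5": md5,
            "path": path,
            "detection": verdict["detection"] if verdict else None,
            "severity": verdict["severity"] if verdict else "ok",
        })
    return records


def triage(records):
    """Split flagged objects into signature-check findings and everything else."""
    counts = Counter(r["severity"] for r in records)
    flagged = [r for r in records if r["severity"] != "ok"]
    # Assumption: "UnsignedFile.*" results come from the "Verify Driver Digital
    # Signature" option and mean "no valid signature", not a malware match.
    unsigned = [r for r in flagged if r["detection"].startswith("UnsignedFile.")]
    other = [r for r in flagged if not r["detection"].startswith("UnsignedFile.")]
    return counts, unsigned, other


if __name__ == "__main__":
    counts, unsigned, other = triage(parse_tdsskiller(SAMPLE_LOG))
    print("verdict counts:", dict(counts))
    for r in other:
        print("REVIEW FIRST:", r["severity"], r["detection"], r["path"], r["md5"])
    for r in unsigned:
        print("unsigned:", r["name"], r["path"], r["md5"])
```

To use it on a real report, read the log file named in Step 2 and pass its text to `parse_tdsskiller`.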

Okay so I followed the steps, but the problem continues.

TDS log


17:39:29.0765 1408 mrxsmb20 - ok

17:39:29.0796 1408 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

17:39:29.0812 1408 msahci - ok

17:39:29.0843 1408 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

17:39:29.0859 1408 msdsm - ok

17:39:29.0890 1408 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

17:39:29.0921 1408 MSDTC - ok

17:39:29.0984 1408 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:39:30.0015 1408 Msfs - ok

17:39:30.0030 1408 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:39:30.0077 1408 mshidkmdf - ok

17:39:30.0093 1408 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

17:39:30.0108 1408 msisadrv - ok

17:39:30.0124 1408 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

17:39:30.0186 1408 MSiSCSI - ok

17:39:30.0186 1408 msiserver - ok

17:39:30.0218 1408 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:39:30.0249 1408 MSKSSRV - ok

17:39:30.0264 1408 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:39:30.0296 1408 MSPCLOCK - ok

17:39:30.0327 1408 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:39:30.0374 1408 MSPQM - ok

17:39:30.0420 1408 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

17:39:30.0436 1408 MsRPC - ok

17:39:30.0467 1408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

17:39:30.0467 1408 mssmbios - ok

17:39:30.0483 1408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:39:30.0530 1408 MSTEE - ok

17:39:30.0561 1408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:39:30.0592 1408 MTConfig - ok

17:39:30.0608 1408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:39:30.0623 1408 Mup - ok

17:39:30.0764 1408 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe

17:39:30.0779 1408 N360 - ok

17:39:30.0826 1408 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

17:39:30.0873 1408 napagent - ok

17:39:30.0935 1408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:39:30.0982 1408 NativeWifiP - ok

17:39:31.0122 1408 NAVENG - ok

17:39:31.0154 1408 NAVEX15 - ok

17:39:31.0200 1408 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

17:39:31.0232 1408 NDIS - ok

17:39:31.0247 1408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:39:31.0278 1408 NdisCap - ok

17:39:31.0310 1408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:39:31.0341 1408 NdisTapi - ok

17:39:31.0372 1408 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

17:39:31.0419 1408 Ndisuio - ok

17:39:31.0450 1408 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

17:39:31.0481 1408 NdisWan - ok

17:39:31.0497 1408 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

17:39:31.0559 1408 NDProxy - ok

17:39:31.0622 1408 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

17:39:31.0653 1408 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

17:39:31.0653 1408 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

17:39:31.0700 1408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:39:31.0762 1408 NetBIOS - ok

17:39:31.0793 1408 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

17:39:31.0856 1408 NetBT - ok

17:39:31.0887 1408 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:39:31.0902 1408 Netlogon - ok

17:39:31.0949 1408 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

17:39:31.0996 1408 Netman - ok

17:39:32.0043 1408 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

17:39:32.0105 1408 netprofm - ok

17:39:32.0168 1408 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:39:32.0168 1408 NetTcpPortSharing - ok

17:39:32.0480 1408 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

17:39:32.0589 1408 netw5v64 - ok

17:39:32.0729 1408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:39:32.0729 1408 nfrd960 - ok

17:39:32.0792 1408 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

17:39:32.0838 1408 NlaSvc - ok

17:39:32.0885 1408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:39:32.0932 1408 Npfs - ok

17:39:32.0948 1408 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

17:39:32.0994 1408 nsi - ok

17:39:33.0010 1408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:39:33.0041 1408 nsiproxy - ok

17:39:33.0182 1408 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

17:39:33.0228 1408 Ntfs - ok

17:39:33.0338 1408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:39:33.0384 1408 Null - ok

17:39:33.0447 1408 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

17:39:33.0462 1408 nvraid - ok

17:39:33.0478 1408 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

17:39:33.0494 1408 nvstor - ok

17:39:33.0525 1408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

17:39:33.0540 1408 nv_agp - ok

17:39:33.0650 1408 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

17:39:33.0665 1408 odserv - ok

17:39:33.0696 1408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

17:39:33.0728 1408 ohci1394 - ok

17:39:33.0790 1408 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:39:33.0806 1408 ose - ok

17:39:34.0164 1408 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:39:34.0242 1408 osppsvc - ok

17:39:34.0383 1408 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:39:34.0445 1408 p2pimsvc - ok

17:39:34.0476 1408 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

17:39:34.0508 1408 p2psvc - ok

17:39:34.0570 1408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:39:34.0570 1408 Parport - ok

17:39:34.0632 1408 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

17:39:34.0632 1408 partmgr - ok

17:39:34.0664 1408 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

17:39:34.0695 1408 PcaSvc - ok

17:39:34.0742 1408 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

17:39:34.0757 1408 pci - ok

17:39:34.0788 1408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

17:39:34.0788 1408 pciide - ok

17:39:34.0820 1408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:39:34.0835 1408 pcmcia - ok

17:39:34.0851 1408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:39:34.0851 1408 pcw - ok

17:39:34.0898 1408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:39:34.0960 1408 PEAUTH - ok

17:39:35.0022 1408 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

17:39:35.0116 1408 PerfHost - ok

17:39:35.0225 1408 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

17:39:35.0288 1408 pla - ok

17:39:35.0366 1408 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

17:39:35.0428 1408 PlugPlay - ok

17:39:35.0490 1408 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

17:39:35.0490 1408 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

17:39:35.0490 1408 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

17:39:35.0506 1408 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

17:39:35.0522 1408 PNRPAutoReg - ok

17:39:35.0537 1408 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:39:35.0553 1408 PNRPsvc - ok

17:39:35.0600 1408 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

17:39:35.0662 1408 PolicyAgent - ok

17:39:35.0709 1408 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

17:39:35.0771 1408 Power - ok

17:39:35.0834 1408 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

17:39:35.0880 1408 PptpMiniport - ok

17:39:35.0912 1408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:39:35.0943 1408 Processor - ok

17:39:35.0990 1408 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll

17:39:36.0052 1408 ProfSvc - ok

17:39:36.0083 1408 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:39:36.0099 1408 ProtectedStorage - ok

17:39:36.0114 1408 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

17:39:36.0146 1408 Psched - ok

17:39:36.0208 1408 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

17:39:36.0224 1408 PSI_SVC_2 - ok

17:39:36.0270 1408 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

17:39:36.0270 1408 PxHlpa64 - ok

17:39:36.0364 1408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:39:36.0395 1408 ql2300 - ok

17:39:36.0520 1408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:39:36.0536 1408 ql40xx - ok

17:39:36.0567 1408 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

17:39:36.0582 1408 QWAVE - ok

17:39:36.0614 1408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:39:36.0645 1408 QWAVEdrv - ok

17:39:36.0676 1408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:39:36.0723 1408 RasAcd - ok

17:39:36.0754 1408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:39:36.0785 1408 RasAgileVpn - ok

17:39:36.0801 1408 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

17:39:36.0863 1408 RasAuto - ok

17:39:36.0894 1408 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:39:36.0941 1408 Rasl2tp - ok

17:39:36.0972 1408 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

17:39:37.0035 1408 RasMan - ok

17:39:37.0066 1408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:39:37.0113 1408 RasPppoe - ok

17:39:37.0144 1408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:39:37.0191 1408 RasSstp - ok

17:39:37.0238 1408 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

17:39:37.0284 1408 rdbss - ok

17:39:37.0316 1408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:39:37.0347 1408 rdpbus - ok

17:39:37.0378 1408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:39:37.0409 1408 RDPCDD - ok

17:39:37.0440 1408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:39:37.0487 1408 RDPENCDD - ok

17:39:37.0503 1408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:39:37.0534 1408 RDPREFMP - ok

17:39:37.0581 1408 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys

17:39:37.0628 1408 RDPWD - ok

17:39:37.0659 1408 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:39:37.0674 1408 rdyboost - ok

17:39:37.0721 1408 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

17:39:37.0768 1408 RemoteAccess - ok

17:39:37.0815 1408 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

17:39:37.0862 1408 RemoteRegistry - ok

17:39:37.0940 1408 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

17:39:37.0955 1408 RichVideo - ok

17:39:37.0971 1408 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

17:39:38.0033 1408 RpcEptMapper - ok

17:39:38.0064 1408 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

17:39:38.0096 1408 RpcLocator - ok

17:39:38.0142 1408 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

17:39:38.0174 1408 RpcSs - ok

17:39:38.0236 1408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:39:38.0283 1408 rspndr - ok

17:39:38.0330 1408 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys

17:39:38.0345 1408 RSUSBSTOR - ok

17:39:38.0376 1408 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:39:38.0423 1408 RTL8167 - ok

17:39:38.0439 1408 RtsUIR - ok

17:39:38.0470 1408 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:39:38.0470 1408 SamSs - ok

17:39:38.0501 1408 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:39:38.0517 1408 sbp2port - ok

17:39:38.0548 1408 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

17:39:38.0579 1408 SCardSvr - ok

17:39:38.0595 1408 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:39:38.0657 1408 scfilter - ok

17:39:38.0735 1408 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

17:39:38.0798 1408 Schedule - ok

17:39:38.0829 1408 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

17:39:38.0860 1408 SCPolicySvc - ok

17:39:38.0891 1408 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

17:39:38.0922 1408 sdbus - ok

17:39:38.0954 1408 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

17:39:39.0016 1408 SDRSVC - ok

17:39:39.0032 1408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:39:39.0078 1408 secdrv - ok

17:39:39.0110 1408 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

17:39:39.0156 1408 seclogon - ok

17:39:39.0188 1408 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

17:39:39.0219 1408 SENS - ok

17:39:39.0250 1408 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

17:39:39.0297 1408 SensrSvc - ok

17:39:39.0328 1408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:39:39.0359 1408 Serenum - ok

17:39:39.0375 1408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:39:39.0390 1408 Serial - ok

17:39:39.0422 1408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:39:39.0453 1408 sermouse - ok

17:39:39.0515 1408 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

17:39:39.0546 1408 SessionEnv - ok

17:39:39.0562 1408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:39:39.0609 1408 sffdisk - ok

17:39:39.0624 1408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:39:39.0656 1408 sffp_mmc - ok

17:39:39.0687 1408 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:39:39.0702 1408 sffp_sd - ok

17:39:39.0718 1408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:39:39.0749 1408 sfloppy - ok

17:39:39.0812 1408 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

17:39:39.0843 1408 SharedAccess - ok

17:39:39.0890 1408 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

17:39:39.0921 1408 ShellHWDetection - ok

17:39:39.0952 1408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:39:39.0952 1408 SiSRaid2 - ok

17:39:39.0983 1408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:39:39.0999 1408 SiSRaid4 - ok

17:39:40.0077 1408 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe

17:39:40.0077 1408 SkypeUpdate - ok

17:39:40.0124 1408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:39:40.0155 1408 Smb - ok

17:39:40.0186 1408 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

17:39:40.0217 1408 SNMPTRAP - ok

17:39:40.0358 1408 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

17:39:40.0389 1408 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning

17:39:40.0389 1408 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)

17:39:40.0420 1408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:39:40.0420 1408 spldr - ok

17:39:40.0498 1408 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

17:39:40.0545 1408 Spooler - ok

17:39:40.0748 1408 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

17:39:40.0826 1408 sppsvc - ok

17:39:40.0950 1408 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

17:39:40.0997 1408 sppuinotify - ok

17:39:41.0138 1408 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS

17:39:41.0153 1408 SRTSP - ok

17:39:41.0169 1408 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS

17:39:41.0184 1408 SRTSPX - ok

17:39:41.0247 1408 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

17:39:41.0309 1408 srv - ok

17:39:41.0340 1408 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

17:39:41.0372 1408 srv2 - ok

17:39:41.0418 1408 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

17:39:41.0434 1408 SrvHsfHDA - ok

17:39:41.0528 1408 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

17:39:41.0543 1408 SrvHsfV92 - ok

17:39:41.0715 1408 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

17:39:41.0730 1408 SrvHsfWinac - ok

17:39:41.0777 1408 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

17:39:41.0808 1408 srvnet - ok

17:39:41.0840 1408 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

17:39:41.0902 1408 SSDPSRV - ok

17:39:41.0918 1408 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

17:39:41.0964 1408 SstpSvc - ok

17:39:42.0089 1408 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe

17:39:42.0152 1408 STacSV - ok

17:39:42.0183 1408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:39:42.0198 1408 stexstor - ok

17:39:42.0245 1408 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys

17:39:42.0276 1408 STHDA - ok

17:39:42.0323 1408 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

17:39:42.0370 1408 StillCam - ok

17:39:42.0464 1408 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

17:39:42.0510 1408 stisvc - ok

17:39:42.0542 1408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:39:42.0557 1408 swenum - ok

17:39:42.0698 1408 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

17:39:42.0729 1408 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

17:39:42.0729 1408 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

17:39:42.0760 1408 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

17:39:42.0822 1408 swprv - ok

17:39:42.0932 1408 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS

17:39:42.0947 1408 SymDS - ok

17:39:43.0025 1408 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS

17:39:43.0041 1408 SymEFA - ok

17:39:43.0088 1408 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

17:39:43.0103 1408 SymEvent - ok

17:39:43.0119 1408 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS

17:39:43.0119 1408 SymIRON - ok

17:39:43.0166 1408 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS

17:39:43.0181 1408 SymNetS - ok

17:39:43.0228 1408 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys

17:39:43.0228 1408 SynTP - ok

17:39:43.0337 1408 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

17:39:43.0400 1408 SysMain - ok

17:39:43.0524 1408 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

17:39:43.0540 1408 TabletInputService - ok

17:39:43.0556 1408 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

17:39:43.0618 1408 TapiSrv - ok

17:39:43.0634 1408 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

17:39:43.0665 1408 TBS - ok

17:39:43.0836 1408 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

17:39:43.0868 1408 Tcpip - ok

17:39:44.0070 1408 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

17:39:44.0102 1408 TCPIP6 - ok

17:39:44.0226 1408 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:39:44.0258 1408 tcpipreg - ok

17:39:44.0273 1408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:39:44.0320 1408 TDPIPE - ok

17:39:44.0367 1408 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

17:39:44.0429 1408 TDTCP - ok

17:39:44.0476 1408 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:39:44.0538 1408 tdx - ok

17:39:44.0570 1408 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:39:44.0585 1408 TermDD - ok

17:39:44.0648 1408 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

17:39:44.0710 1408 TermService - ok

17:39:44.0741 1408 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

17:39:44.0772 1408 Themes - ok

17:39:44.0804 1408 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

17:39:44.0835 1408 THREADORDER - ok

17:39:44.0850 1408 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

17:39:44.0897 1408 TrkWks - ok

17:39:44.0960 1408 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

17:39:44.0975 1408 TrustedInstaller - ok

17:39:45.0006 1408 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:39:45.0038 1408 tssecsrv - ok

17:39:45.0069 1408 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:39:45.0100 1408 tunnel - ok

17:39:45.0131 1408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:39:45.0147 1408 uagp35 - ok

17:39:45.0162 1408 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

17:39:45.0225 1408 udfs - ok

17:39:45.0287 1408 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

17:39:45.0287 1408 UI0Detect - ok

17:39:45.0318 1408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:39:45.0334 1408 uliagpkx - ok

17:39:45.0365 1408 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:39:45.0396 1408 umbus - ok

17:39:45.0443 1408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:39:45.0474 1408 UmPass - ok

17:39:45.0506 1408 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

17:39:45.0568 1408 upnphost - ok

17:39:45.0615 1408 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys

17:39:45.0662 1408 USBAAPL64 - ok

17:39:45.0708 1408 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

17:39:45.0740 1408 usbaudio - ok

17:39:45.0786 1408 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

17:39:45.0833 1408 usbccgp - ok

17:39:45.0833 1408 USBCCID - ok

17:39:45.0880 1408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:39:45.0911 1408 usbcir - ok

17:39:45.0942 1408 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys

17:39:45.0958 1408 usbehci - ok

17:39:46.0005 1408 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys

17:39:46.0020 1408 usbfilter - ok

17:39:46.0067 1408 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

17:39:46.0098 1408 usbhub - ok

17:39:46.0130 1408 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys

17:39:46.0145 1408 usbohci - ok

17:39:46.0192 1408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:39:46.0223 1408 usbprint - ok

17:39:46.0254 1408 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

17:39:46.0301 1408 usbscan - ok

17:39:46.0348 1408 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:39:46.0410 1408 USBSTOR - ok

17:39:46.0426 1408 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

17:39:46.0426 1408 usbuhci - ok

17:39:46.0488 1408 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

17:39:46.0535 1408 usbvideo - ok

17:39:46.0566 1408 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

17:39:46.0613 1408 UxSms - ok

17:39:46.0660 1408 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:39:46.0660 1408 VaultSvc - ok

17:39:46.0691 1408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:39:46.0707 1408 vdrvroot - ok

17:39:46.0738 1408 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

17:39:46.0785 1408 vds - ok

17:39:46.0816 1408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:39:46.0832 1408 vga - ok

17:39:46.0832 1408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:39:46.0894 1408 VgaSave - ok

17:39:46.0925 1408 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

17:39:46.0941 1408 vhdmp - ok

17:39:46.0941 1408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

17:39:46.0941 1408 viaide - ok

17:39:46.0956 1408 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

17:39:46.0972 1408 volmgr - ok

17:39:47.0019 1408 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

17:39:47.0034 1408 volmgrx - ok

17:39:47.0066 1408 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

17:39:47.0066 1408 volsnap - ok

17:39:47.0097 1408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:39:47.0097 1408 vsmraid - ok

17:39:47.0206 1408 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

17:39:47.0237 1408 VSS - ok

17:39:47.0362 1408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:39:47.0393 1408 vwifibus - ok

17:39:47.0440 1408 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:39:47.0471 1408 vwififlt - ok

17:39:47.0518 1408 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

17:39:47.0518 1408 vwifimp - ok

17:39:47.0580 1408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

17:39:47.0612 1408 W32Time - ok

17:39:47.0643 1408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:39:47.0658 1408 WacomPen - ok

17:39:47.0705 1408 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:39:47.0752 1408 WANARP - ok

17:39:47.0768 1408 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:39:47.0799 1408 Wanarpv6 - ok

17:39:47.0908 1408 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

17:39:47.0939 1408 WatAdminSvc - ok

17:39:48.0048 1408 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

17:39:48.0111 1408 wbengine - ok

17:39:48.0236 1408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

17:39:48.0251 1408 WbioSrvc - ok

17:39:48.0314 1408 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

17:39:48.0360 1408 wcncsvc - ok

17:39:48.0392 1408 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

17:39:48.0438 1408 WcsPlugInService - ok

17:39:48.0470 1408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:39:48.0485 1408 Wd - ok

17:39:48.0548 1408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:39:48.0563 1408 Wdf01000 - ok

17:39:48.0594 1408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:39:48.0626 1408 WdiServiceHost - ok

17:39:48.0641 1408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:39:48.0657 1408 WdiSystemHost - ok

17:39:48.0704 1408 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

17:39:48.0750 1408 WebClient - ok

17:39:48.0797 1408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

17:39:48.0844 1408 Wecsvc - ok

17:39:48.0875 1408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

17:39:48.0906 1408 wercplsupport - ok

17:39:48.0922 1408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

17:39:48.0953 1408 WerSvc - ok

17:39:49.0000 1408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:39:49.0031 1408 WfpLwf - ok

17:39:49.0047 1408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:39:49.0047 1408 WIMMount - ok

17:39:49.0047 1408 WinHttpAutoProxySvc - ok

17:39:49.0125 1408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

17:39:49.0172 1408 Winmgmt - ok

17:39:49.0296 1408 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

17:39:49.0374 1408 WinRM - ok

17:39:49.0562 1408 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

17:39:49.0593 1408 WinUsb - ok

17:39:49.0671 1408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

17:39:49.0718 1408 Wlansvc - ok

17:39:49.0936 1408 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:39:49.0983 1408 wlidsvc - ok

17:39:50.0123 1408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:39:50.0123 1408 WmiAcpi - ok

17:39:50.0186 1408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

17:39:50.0232 1408 wmiApSrv - ok

17:39:50.0264 1408 WMPNetworkSvc - ok

17:39:50.0295 1408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

17:39:50.0310 1408 WPCSvc - ok

17:39:50.0310 1408 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

17:39:50.0373 1408 WPDBusEnum - ok

17:39:50.0404 1408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:39:50.0435 1408 ws2ifsl - ok

17:39:50.0435 1408 WSearch - ok

17:39:50.0622 1408 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

17:39:50.0669 1408 wuauserv - ok

17:39:50.0794 1408 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

17:39:50.0841 1408 WudfPf - ok

17:39:50.0903 1408 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:39:50.0934 1408 WUDFRd - ok

17:39:50.0966 1408 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

17:39:51.0012 1408 wudfsvc - ok

17:39:51.0059 1408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

17:39:51.0122 1408 WwanSvc - ok

17:39:51.0200 1408 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

17:39:51.0231 1408 yukonw7 - ok

17:39:51.0340 1408 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

17:39:51.0356 1408 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok

17:39:51.0356 1408 MBR (0x1B8) (1d82abe77c362645e4648d325ba8c970) \Device\Harddisk0\DR0

17:39:51.0418 1408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

17:39:51.0418 1408 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

17:39:52.0011 1408 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:39:52.0011 1408 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:39:52.0042 1408 Boot (0x1200) (99f07bea3cdf0e25d455c84cb3ca09fc) \Device\Harddisk0\DR0\Partition0

17:39:52.0042 1408 \Device\Harddisk0\DR0\Partition0 - ok

17:39:52.0058 1408 Boot (0x1200) (1c8aab63049b06ae57a2bc99b0526d3d) \Device\Harddisk0\DR0\Partition1

17:39:52.0058 1408 \Device\Harddisk0\DR0\Partition1 - ok

17:39:52.0089 1408 Boot (0x1200) (d0dc491fb66bcc9631bd07040655ba11) \Device\Harddisk0\DR0\Partition2

17:39:52.0089 1408 \Device\Harddisk0\DR0\Partition2 - ok

17:39:52.0089 1408 ============================================================

17:39:52.0089 1408 Scan finished

17:39:52.0089 1408 ============================================================

17:39:52.0089 0344 Detected object count: 11

17:39:52.0089 0344 Actual detected object count: 11

17:41:00.0323 0344 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0323 0344 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0323 0344 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0323 0344 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0339 0344 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0339 0344 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0355 0344 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0355 0344 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0370 0344 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0370 0344 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0386 0344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0386 0344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0401 0344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0401 0344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0417 0344 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0417 0344 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:00.0433 0344 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:00.0433 0344 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:01.0181 0344 \Device\Harddisk0\DR0\# - copied to quarantine

17:41:01.0181 0344 \Device\Harddisk0\DR0 - copied to quarantine

17:41:01.0244 0344 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

17:41:01.0244 0344 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

17:41:01.0259 0344 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

17:41:01.0275 0344 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

17:41:01.0275 0344 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

17:41:01.0291 0344 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

17:41:01.0291 0344 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

17:41:01.0291 0344 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

17:41:01.0291 0344 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

17:41:01.0291 0344 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

17:41:01.0306 0344 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

17:41:01.0306 0344 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

17:41:01.0306 0344 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

17:41:01.0337 0344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

17:41:01.0400 0344 \Device\Harddisk0\DR0 - ok

17:41:02.0071 0344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

17:41:02.0071 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:41:02.0071 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:41:21.0134 1536 Deinitialize success

Malware log

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.26.15

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Nick :: NICK-PC [administrator]

7/26/2012 5:50:52 PM

mbam-log-2012-07-26 (17-50-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218479

Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Users\Nick\AppData\Local\Babylon\ATI\bkefddlrv.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

Registry Keys Detected: 3

HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ATI (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\Nick\AppData\Local\Babylon\ATI\bkefddlrv.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\Nick\Downloads\ffdshow_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Nick\AppData\Local\Babylon\ATI\bkefddlrv.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

(end)


Step 1

Please re-run TDSSKiller, but this time use the Delete option for this entry:

17:41:02.0071 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:41:02.0071 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


I think I killed the virus. Here is the ComboFix log. Thanks.

ComboFix 12-07-27.03 - Nick 07/28/2012 21:59:02.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1879 [GMT -4:00]

Running from: c:\users\Nick\Downloads\ComboFix.exe

AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Public\videos\HP MediaSmart Demo.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))

.

.

2012-07-29 02:08 . 2012-07-29 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-27 05:49 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-26 21:54 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-07-26 21:41 . 2012-07-28 20:42 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-24 20:01 . 2012-07-24 20:01 -------- d-----w- C:\06b8f91deb8dbc8898fc50dc08a7c9

2012-07-24 19:51 . 2012-07-24 19:51 -------- d-----w- c:\windows\Sun

2012-07-24 19:42 . 2012-07-26 20:14 -------- d-----w- c:\program files (x86)\PC Tools

2012-07-24 19:38 . 2012-07-27 00:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-07-24 19:37 . 2012-07-24 19:37 -------- d-----w- c:\users\Nick\AppData\Roaming\TestApp

2012-07-24 18:46 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll

2012-07-23 21:12 . 2012-07-23 21:12 -------- d-----w- c:\users\Nick\AppData\Local\Macromedia

2012-07-14 21:14 . 2012-07-14 21:14 -------- d-----w- c:\program files (x86)\EA GAMES

2012-07-10 22:04 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-02 00:48 . 2012-07-26 21:53 -------- d-----w- c:\users\Guest

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 05:43 . 2010-08-03 19:58 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2011-05-09 01:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-23 19:05 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-23 19:05 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-23 19:05 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-23 19:05 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-23 19:05 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-23 19:05 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-23 19:05 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-23 19:04 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-23 19:04 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-04 10:52 . 2012-06-12 22:33 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:08 . 2012-06-12 22:33 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08 . 2012-06-12 22:33 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32 . 2012-06-12 22:33 208896 ----a-w- c:\windows\system32\profsvc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-03 2736736]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]

2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2010-06-03 22:24 2736736 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-03 2736736]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"Facebook Update"="c:\users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-27 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-10-22 202256]

"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-29 113120]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002_97\BHDrvx64.sys [2012-07-11 1161376]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-28 283200]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120727.001\IDSvia64.sys [2012-07-26 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/04/20 01:27];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-03 05:38 146928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2011-01-11 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-26 138912]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3617824257-3243041365-1295750767-1001Core.job

- c:\users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-07 00:37]

.

2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3617824257-3243041365-1295750767-1001UA.job

- c:\users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-07 00:37]

.

2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 01:33]

.

2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 01:33]

.

2012-07-08 c:\windows\Tasks\HPCeeScheduleForNick.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-31 171520]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-11 487424]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?AF=109930&babsrc=HP_ss&mntrId=f0bb93c900000000000078e4002394c1

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\j4uk2a1x.default\

FF - prefs.js: browser.startup.homepage - hxxps://myservices.timewarnercable.com/account/sharing/|https://video.timewarnercable.com/services.cfm?activity=schedule

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109930

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - f0bb93c900000000000078e4002394c1

FF - user.js: extensions.BabylonToolbar_i.hardId - f0bb93c900000000000078e4002394c1

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15414

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:09

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0a\05\0e\11'\0er"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2012-07-28 22:18:44 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-29 02:18

.

Pre-Run: 252,104,466,432 bytes free

Post-Run: 251,758,825,472 bytes free

.

- - End Of File - - FE24E0C878507E1D3CCFC9E5A70B5B5C


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files (x86)\OApps\bho_project.dll

Folder::
c:\program files (x86)\Vuze_Remote

Registry::
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-

DDS::
uStart Page = hxxp://search.babylon.com/?AF=109930&babsrc=HP_ss&mntrId=f0bb93c900000000000078e4002394c1

FireFox::
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\j4uk2a1x.default\
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - f0bb93c900000000000078e4002394c1
FF - user.js: extensions.BabylonToolbar_i.hardId - f0bb93c900000000000078e4002394c1
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15414
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
