
FBI Virus & Safe Mode White Screen



I got the FBI virus last night and need some help. I've read several threads and have the frst.txt file already. Please advise on what I need to do next.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013
Ran by SYSTEM on 16-07-2013 21:15:49
Running from F:\
Windows Vista Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] -  [x]
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-09-29] (DigitalPersona, Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)
HKU\Perry\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Perry\...\Run: [AdobeBridge] -  [x]
HKU\Perry\...\Run: [Downloaded Installations] - rundll32 "C:\Users\Perry\AppData\Local\VirtualStore\Downloaded Installations\nhoc.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Perry\...\Run: [Macrovision] - Regsvr32.exe C:\Users\Perry\AppData\Local\Macrovision\nzbjdmqa.dll [x] <===== ATTENTION
HKU\Perry\...\Run: [imagenDll32] - rundll32.exe "C:\Users\Perry\AppData\Roaming\imagenDll32\imagenDll32.dll",LibCrypt_x86 diPadInterval [x] <===== ATTENTION
HKU\Perry\...\Winlogon: [shell] explorer.exe,C:\Users\Perry\AppData\Roaming\cache.dat <==== ATTENTION
Lsa: [Notification Packages] scecli DPPWDFLT

========================== Services (Whitelisted) =================

S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1811704 2009-09-11] (AuthenTec, Inc.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-22] (Microsoft Corporation)
S2 N360; C:\Program Files\Norton Security Suite\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
S3 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
S3 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2011-08-02] (Rovi Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
S2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys [134304 2012-11-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-06-19] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvix86.sys [386720 2013-02-14] (Symantec Corporation)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39064 2011-04-30] (Logitech, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130715.003\NAVENG.SYS [93272 2013-06-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130715.003\NAVEX15.SYS [1611992 2013-06-19] (Symantec Corporation)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360\1403010.016\SRTSP.SYS [602712 2013-01-28] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1403010.016\SRTSPX.SYS [32344 2013-01-28] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1403010.016\SYMDS.SYS [367704 2013-01-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1403010.016\SYMEFA.SYS [934488 2013-01-30] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-02-13] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1403010.016\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1403010.016\SYMTDIV.SYS [350368 2012-07-22] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S4 eabfiltr;
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-16 21:15 - 2013-07-16 21:15 - 00000000 ____D C:\FRST
2013-07-15 19:41 - 2013-07-16 02:14 - 00000004 _____ C:\Users\Perry\AppData\Roaming\cache.ini
2013-07-11 02:53 - 2013-05-28 17:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 02:53 - 2013-05-28 17:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-11 02:53 - 2013-05-28 17:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 02:53 - 2013-05-28 17:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-11 02:53 - 2013-05-28 17:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 02:53 - 2013-05-28 17:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 02:53 - 2013-05-28 17:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-11 02:53 - 2013-05-28 17:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 02:53 - 2013-05-28 17:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-11 02:53 - 2013-05-28 17:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-11 02:53 - 2013-05-28 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-11 02:53 - 2013-05-28 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 02:53 - 2013-05-28 17:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 02:53 - 2013-05-28 17:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 02:53 - 2013-05-28 17:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-11 02:53 - 2013-05-28 17:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 02:14 - 2013-06-03 17:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 02:14 - 2013-05-31 20:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 02:14 - 2013-05-07 20:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 02:14 - 2013-04-17 03:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-11 02:14 - 2013-04-17 03:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-11 02:14 - 2013-04-17 03:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-11 02:14 - 2013-04-17 03:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-11 02:14 - 2013-04-17 02:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-11 02:14 - 2013-04-17 02:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-11 02:14 - 2013-04-17 02:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-11 02:14 - 2013-04-17 02:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-11 02:14 - 2013-04-17 02:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-04 13:47 - 2013-07-04 13:47 - 00000000 ____D C:\Users\Perry\AppData\Roaming\imagenDll32
2013-07-03 12:33 - 2013-07-05 01:56 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Macrovision
2013-07-03 12:33 - 2013-07-05 01:56 - 00000000 ____D C:\Users\Perry\AppData\Local\Macrovision
2013-07-01 15:17 - 2013-07-01 15:17 - 00000000 _____ C:\ProgramData\Help
2013-06-23 13:06 - 2013-06-23 13:12 - 00008796 _____ C:\Users\Perry\Documents\Subaru STI.xlsx

==================== One Month Modified Files and Folders =======

2013-07-16 21:15 - 2013-07-16 21:15 - 00000000 ____D C:\FRST
2013-07-16 02:14 - 2013-07-15 19:41 - 00000004 _____ C:\Users\Perry\AppData\Roaming\cache.ini
2013-07-16 02:14 - 2009-06-26 14:03 - 00048175 _____ C:\ProgramData\nvModes.dat
2013-07-16 02:14 - 2009-06-26 14:03 - 00048175 _____ C:\ProgramData\nvModes.001
2013-07-16 02:14 - 2008-01-04 12:11 - 02051593 _____ C:\Windows\WindowsUpdate.log
2013-07-16 02:14 - 2008-01-04 12:11 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-07-16 02:14 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 02:14 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 02:12 - 2010-02-02 17:46 - 00007808 _____ C:\Users\Perry\Local Settings\Application Data\d3d9caps.dat
2013-07-16 02:12 - 2010-02-02 17:46 - 00007808 _____ C:\Users\Perry\AppData\Local\d3d9caps.dat
2013-07-16 02:10 - 2010-04-02 18:40 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\CrashDumps
2013-07-16 02:10 - 2010-04-02 18:40 - 00000000 ____D C:\Users\Perry\AppData\Local\CrashDumps
2013-07-15 20:00 - 2006-11-02 02:33 - 00850018 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-15 15:55 - 2011-09-28 14:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-15 13:56 - 2009-06-26 17:46 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Adobe
2013-07-15 13:56 - 2009-06-26 17:46 - 00000000 ____D C:\Users\Perry\AppData\Local\Adobe
2013-07-14 19:09 - 2010-07-25 08:01 - 00075264 _____ C:\Users\Perry\Documents\Books.xlsx
2013-07-14 18:43 - 2009-06-25 15:24 - 00000000 ___RD C:\Users\Perry\Desktop
2013-07-12 23:01 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 14:08 - 2006-11-02 04:47 - 03747448 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 14:06 - 2009-06-29 13:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 03:18 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-07-11 02:57 - 2006-11-02 02:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-07-11 02:56 - 2007-11-26 23:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 02:39 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 02:00 - 2007-11-26 23:08 - 00774022 _____ C:\Windows\PFRO.log
2013-07-10 13:46 - 2007-11-26 23:13 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-07-10 02:10 - 2012-07-09 19:13 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-07-10 02:10 - 2011-05-13 01:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-07-05 01:56 - 2013-07-03 12:33 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Macrovision
2013-07-05 01:56 - 2013-07-03 12:33 - 00000000 ____D C:\Users\Perry\AppData\Local\Macrovision
2013-07-04 13:47 - 2013-07-04 13:47 - 00000000 ____D C:\Users\Perry\AppData\Roaming\imagenDll32
2013-07-03 13:16 - 2012-04-12 07:10 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2013-07-03 12:33 - 2009-06-25 15:37 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\VirtualStore
2013-07-03 12:33 - 2009-06-25 15:37 - 00000000 ____D C:\Users\Perry\AppData\Local\VirtualStore
2013-07-01 15:20 - 2006-11-02 03:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-01 15:17 - 2013-07-01 15:17 - 00000000 _____ C:\ProgramData\Help
2013-07-01 15:17 - 2012-08-25 05:52 - 00000268 ___RH C:\Users\Perry\AppData\Roaming\Keyboard Layouts
2013-07-01 15:17 - 2012-08-25 05:52 - 00000020 ____H C:\ProgramData\PKP_DLeo.DAT
2013-07-01 15:17 - 2012-08-25 05:52 - 00000012 ___RH C:\ProgramData\PPD Plugins
2013-07-01 15:17 - 2012-04-12 07:10 - 00000268 ___RH C:\ProgramData\Legacy
2013-07-01 15:17 - 2009-06-25 15:30 - 00000000 ____D C:\Users\Perry\Local Settings\Application Data\Downloaded Installations
2013-07-01 15:17 - 2009-06-25 15:30 - 00000000 ____D C:\Users\Perry\AppData\Local\Downloaded Installations
2013-06-26 14:26 - 2011-12-24 14:09 - 00020992 _____ C:\Users\Perry\Documents\Firearms.xlsx
2013-06-23 13:12 - 2013-06-23 13:06 - 00008796 _____ C:\Users\Perry\Documents\Subaru STI.xlsx

Files to move or delete:
====================
C:\Users\Perry\AppData\Roaming\cache.dat
C:\Users\Perry\AppData\Roaming\cache.ini
C:\ProgramData\nvModes.dat

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4093.63 MB
Available physical RAM: 3505.3 MB
Total Pagefile: 3777.96 MB
Available Pagefile: 3587.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1957.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:184.06 GB) (Free:34.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.29 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:3.76 GB) (Free:1.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 097E097E)
Partition 1: (Active) - (Size=184 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-07-15 20:19

==================== End Of Log ============================


Hello SneakyFish and welcome to Malwarebytes!

Please do the following:

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the flash drive as fixlist.txt

HKU\Perry\...\Run: [Downloaded Installations] - rundll32 "C:\Users\Perry\AppData\Local\VirtualStore\Downloaded Installations\nhoc.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Perry\...\Run: [Macrovision] - Regsvr32.exe C:\Users\Perry\AppData\Local\Macrovision\nzbjdmqa.dll [x] <===== ATTENTION
HKU\Perry\...\Run: [imagenDll32] - rundll32.exe "C:\Users\Perry\AppData\Roaming\imagenDll32\imagenDll32.dll",LibCrypt_x86 diPadInterval [x] <===== ATTENTION
HKU\Perry\...\Winlogon: [shell] explorer.exe,C:\Users\Perry\AppData\Roaming\cache.dat <==== ATTENTION
C:\Users\Perry\AppData\Roaming\cache.dat
C:\Users\Perry\AppData\Roaming\cache.ini
C:\ProgramData\nvModes.dat

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

After that, are you able to boot into normal mode? Let me know when you can, as we have more malware to remove.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB
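
The registry lines in the fixlist above follow two autostart patterns: a Run value that loads a DLL from the user's AppData tree through rundll32 or regsvr32, and a per-user Winlogon shell value with an extra program appended after explorer.exe. The Python below is an added example, not part of the original post and not FRST's own detection logic; the heuristics and the names `triage`, `frst_marked` and `Finding` are assumptions made for illustration, and the sample lines are copied from the FRST.txt posted in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the FRST.txt registry section posted in this thread.
SAMPLE_LOG = r'''
HKLM\...\Run: [synTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2009-10-03] (NVIDIA Corporation)
HKU\Perry\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Perry\...\Run: [AdobeBridge] -  [x]
HKU\Perry\...\Run: [Downloaded Installations] - rundll32 "C:\Users\Perry\AppData\Local\VirtualStore\Downloaded Installations\nhoc.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Perry\...\Run: [Macrovision] - Regsvr32.exe C:\Users\Perry\AppData\Local\Macrovision\nzbjdmqa.dll [x] <===== ATTENTION
HKU\Perry\...\Run: [imagenDll32] - rundll32.exe "C:\Users\Perry\AppData\Roaming\imagenDll32\imagenDll32.dll",LibCrypt_x86 diPadInterval [x] <===== ATTENTION
HKU\Perry\...\Winlogon: [shell] explorer.exe,C:\Users\Perry\AppData\Roaming\cache.dat <==== ATTENTION
'''

# "HIVE[\user]\...\Key: [value name] - data" as printed in the registry section.
ENTRY = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): "
    r"\[(?P<name>[^\]]*)\] (?:- )?(?P<data>.*)$"
)
# Trailing markers FRST appends to a line; not part of the registry data.
ANNOTATION = re.compile(r"\s*(\[x\])?\s*<=+ ATTENTION\s*$")
# Signed Windows binaries that will load an arbitrary DLL named on the command line.
LOADER = re.compile(r'^"?(?:rundll32|regsvr32)(?:\.exe)?"?\s', re.I)
# Location a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"[A-Z]:\\Users\\[^\\]+\\AppData\\", re.I)


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    reason: str


def triage(log_text):
    """Return autostart entries that match the two heuristics (assumed, not FRST's)."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        data = ANNOTATION.sub("", m["data"]).strip()
        reason = None
        if m["key"] in ("Run", "RunOnce"):
            # Heuristic 1: DLL under AppData started through a system loader.
            if LOADER.match(data) and USER_WRITABLE.search(data):
                reason = "DLL in user-writable path loaded via rundll32/regsvr32"
        elif m["name"].lower() == "shell":
            # Heuristic 2: anything besides explorer.exe in the Winlogon shell value.
            extras = [p.strip() for p in data.split(",")
                      if p.strip().lower() != "explorer.exe"]
            if extras:
                reason = "Winlogon shell also starts " + ", ".join(extras)
        if reason:
            findings.append(Finding(m["hive"], m["key"], m["name"], reason))
    return findings


def frst_marked(log_text):
    """Value names of the entries FRST itself tagged with ATTENTION."""
    names = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and "ATTENTION" in line:
            names.append(m["name"])
    return names


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive}  {f.key}  [{f.name}]  {f.reason}")
```

On these sample lines the two heuristics select the same four entries that FRST marked ATTENTION, while the NvCpl.dll entry under C:\Windows\system32 and the entry with no data are left alone.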


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-07-2013
Ran by SYSTEM at 2013-07-16 22:11:44 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKU\Perry\Software\Microsoft\Windows\CurrentVersion\Run\\Downloaded Installations => Value deleted successfully.
HKU\Perry\Software\Microsoft\Windows\CurrentVersion\Run\\Macrovision => Value deleted successfully.
HKU\Perry\Software\Microsoft\Windows\CurrentVersion\Run\\imagenDll32 => Value deleted successfully.
HKU\Perry\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Perry\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Perry\AppData\Roaming\cache.ini => Moved successfully.
C:\ProgramData\nvModes.dat => Moved successfully.

==== End of Fixlog ====

 

DFB you are a life saver! I am able to get in and it did not white screen. What's next on the list?


Glad to hear you can boot. Let's start getting rid of the rest of it.
 

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)


Hey DFB sorry for the delayed reply. Was at work all day.

 

Here is the log for TDSSKiller:


22:20:00.0007 5896  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
22:20:00.0631 5896  ============================================================
22:20:00.0631 5896  Current date / time: 2013/07/16 22:20:00.0631
22:20:00.0631 5896  SystemInfo:
22:20:00.0631 5896 
22:20:00.0631 5896  OS Version: 6.0.6002 ServicePack: 2.0
22:20:00.0631 5896  Product type: Workstation
22:20:00.0631 5896  ComputerName: PERRY-PC
22:20:00.0631 5896  UserName: Perry
22:20:00.0631 5896  Windows directory: C:\Windows
22:20:00.0631 5896  System windows directory: C:\Windows
22:20:00.0631 5896  Processor architecture: Intel x86
22:20:00.0631 5896  Number of processors: 2
22:20:00.0631 5896  Page size: 0x1000
22:20:00.0631 5896  Boot type: Normal boot
22:20:00.0631 5896  ============================================================
22:20:01.0177 5896  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:20:01.0177 5896  ============================================================
22:20:01.0177 5896  \Device\Harddisk0\DR0:
22:20:01.0177 5896  MBR partitions:
22:20:01.0177 5896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17020A9D
22:20:01.0177 5896  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B92D57C, BlocksNum 0x1897005
22:20:01.0208 5896  ============================================================
22:20:01.0302 5896  C: <-> \Device\Harddisk0\DR0\Partition1
22:20:01.0333 5896  D: <-> \Device\Harddisk0\DR0\Partition2
22:20:01.0348 5896  ============================================================
22:20:01.0348 5896  Initialize success
22:20:01.0348 5896  ============================================================
22:20:06.0262 6112  ============================================================
22:20:06.0262 6112  Scan started
22:20:06.0262 6112  Mode: Manual;
22:20:06.0262 6112  ============================================================
22:20:08.0087 6112  ================ Scan system memory ========================
22:20:08.0087 6112  System memory - ok
22:20:08.0087 6112  ================ Scan services =============================
22:20:12.0003 6112  btwaudio - ok
22:20:12.0018 6112  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
22:20:12.0018 6112  btwavdt - ok
22:20:12.0034 6112  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
22:20:12.0065 6112  btwrchid - ok
22:20:12.0174 6112  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360      C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys
22:20:12.0174 6112  ccSet_N360 - ok
22:20:12.0237 6112  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:20:12.0237 6112  cdfs - ok
22:20:12.0268 6112  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:20:12.0268 6112  cdrom - ok
22:20:12.0330 6112  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:20:12.0330 6112  CertPropSvc - ok
22:20:12.0346 6112  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:20:12.0361 6112  circlass - ok
22:20:12.0393 6112  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:20:12.0408 6112  CLFS - ok
22:20:12.0517 6112  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:20:12.0517 6112  clr_optimization_v2.0.50727_32 - ok
22:20:12.0549 6112  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:20:12.0549 6112  clr_optimization_v4.0.30319_32 - ok
22:20:12.0611 6112  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:20:12.0611 6112  CmBatt - ok
22:20:12.0642 6112  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:20:12.0642 6112  cmdide - ok
22:20:12.0720 6112  [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:20:12.0736 6112  Com4QLBEx - ok
22:20:12.0767 6112  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:20:12.0783 6112  Compbatt - ok
22:20:12.0783 6112  COMSysApp - ok
22:20:12.0798 6112  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:20:12.0798 6112  crcdisk - ok
22:20:12.0814 6112  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:20:12.0814 6112  Crusoe - ok
22:20:12.0861 6112  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:20:12.0861 6112  CryptSvc - ok
22:20:12.0954 6112  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:20:12.0954 6112  DcomLaunch - ok
22:20:13.0001 6112  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:20:13.0032 6112  DfsC - ok
22:20:13.0204 6112  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:20:13.0266 6112  DFSR - ok
22:20:13.0329 6112  [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
22:20:13.0329 6112  dg_ssudbus - ok
22:20:13.0391 6112  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:20:13.0391 6112  Dhcp - ok
22:20:13.0422 6112  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:20:13.0422 6112  disk - ok
22:20:13.0469 6112  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:20:13.0469 6112  Dnscache - ok
22:20:13.0516 6112  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:20:13.0547 6112  dot3svc - ok
22:20:13.0578 6112  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
22:20:13.0594 6112  Dot4 - ok
22:20:13.0609 6112  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:20:13.0609 6112  Dot4Print - ok
22:20:13.0625 6112  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
22:20:13.0625 6112  dot4usb - ok
22:20:13.0703 6112  [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
22:20:13.0719 6112  DpHost - ok
22:20:13.0797 6112  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:20:13.0797 6112  DPS - ok
22:20:13.0843 6112  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:20:13.0843 6112  drmkaud - ok
22:20:13.0906 6112  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:20:13.0906 6112  DXGKrnl - ok
22:20:13.0953 6112  [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B           C:\Windows\system32\DRIVERS\e100b325.sys
22:20:13.0953 6112  E100B - ok
22:20:13.0984 6112  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:20:13.0984 6112  E1G60 - ok
22:20:14.0031 6112  EagleNT - ok
22:20:14.0062 6112  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:20:14.0062 6112  EapHost - ok
22:20:14.0109 6112  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:20:14.0109 6112  Ecache - ok
22:20:14.0249 6112  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:20:14.0249 6112  eeCtrl - ok
22:20:14.0311 6112  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:20:14.0327 6112  ehRecvr - ok
22:20:14.0343 6112  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
22:20:14.0358 6112  ehSched - ok
22:20:14.0358 6112  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
22:20:14.0374 6112  ehstart - ok
22:20:14.0436 6112  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:20:14.0452 6112  elxstor - ok
22:20:14.0499 6112  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:20:14.0499 6112  EMDMgmt - ok
22:20:14.0530 6112  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:20:14.0530 6112  EraserUtilRebootDrv - ok
22:20:14.0577 6112  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:20:14.0577 6112  EventSystem - ok
22:20:14.0623 6112  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:20:14.0623 6112  exfat - ok
22:20:14.0670 6112  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:20:14.0670 6112  fastfat - ok
22:20:14.0701 6112  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:20:14.0701 6112  fdc - ok
22:20:14.0732 6112  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:20:14.0732 6112  fdPHost - ok
22:20:14.0748 6112  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:20:14.0748 6112  FDResPub - ok
22:20:14.0779 6112  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:20:14.0795 6112  FileInfo - ok
22:20:14.0826 6112  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:20:14.0826 6112  Filetrace - ok
22:20:14.0826 6112  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:20:14.0826 6112  flpydisk - ok
22:20:14.0857 6112  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:20:14.0873 6112  FltMgr - ok
22:20:14.0982 6112  [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache       C:\Windows\system32\FntCache.dll
22:20:14.0998 6112  FontCache - ok
22:20:15.0076 6112  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:20:15.0076 6112  FontCache3.0.0.0 - ok
22:20:15.0122 6112  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:20:15.0122 6112  Fs_Rec - ok
22:20:15.0154 6112  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:20:15.0169 6112  gagp30kx - ok
22:20:15.0200 6112  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:20:15.0200 6112  GEARAspiWDM - ok
22:20:15.0232 6112  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:20:15.0247 6112  gpsvc - ok
22:20:15.0294 6112  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:20:15.0294 6112  HdAudAddService - ok
22:20:15.0497 6112  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:20:15.0497 6112  HDAudBus - ok
22:20:15.0528 6112  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:20:15.0528 6112  HidBth - ok
22:20:15.0528 6112  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:20:15.0528 6112  HidIr - ok
22:20:15.0544 6112  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
22:20:15.0559 6112  hidserv - ok
22:20:15.0559 6112  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:20:15.0559 6112  HidUsb - ok
22:20:15.0590 6112  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:20:15.0590 6112  hkmsvc - ok
22:20:15.0653 6112  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
22:20:15.0653 6112  HP Health Check Service - ok
22:20:15.0700 6112  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:20:15.0731 6112  HpCISSs - ok
22:20:15.0856 6112  [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:20:15.0856 6112  hpqcxs08 - ok
22:20:15.0902 6112  [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:20:15.0934 6112  hpqddsvc - ok
22:20:15.0965 6112  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:20:15.0980 6112  HpqKbFiltr - ok
22:20:15.0980 6112  [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid       C:\Windows\system32\DRIVERS\HpqRemHid.sys
22:20:15.0980 6112  HpqRemHid - ok
22:20:16.0012 6112  [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
22:20:16.0012 6112  hpqwmiex - ok
22:20:16.0058 6112  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:20:16.0058 6112  HSFHWAZL - ok
22:20:16.0183 6112  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:20:16.0230 6112  HSF_DPV - ok
22:20:16.0230 6112  HTCAND32 - ok
22:20:16.0292 6112  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:20:16.0511 6112  HTTP - ok
22:20:16.0542 6112  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:20:16.0542 6112  i2omp - ok
22:20:16.0604 6112  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:20:16.0604 6112  i8042prt - ok
22:20:16.0651 6112  [ F79525634B192F5A18DE503568F94EF3 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:20:16.0651 6112  IAANTMON - ok
22:20:16.0807 6112  [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
22:20:16.0838 6112  ialm - ok
22:20:16.0901 6112  [ BAABB0301949774A66B955C65319635A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:20:16.0901 6112  iaStor - ok
22:20:16.0948 6112  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:20:16.0963 6112  iaStorV - ok
22:20:17.0026 6112  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:20:17.0026 6112  IDriverT - ok
22:20:17.0135 6112  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:20:17.0166 6112  idsvc - ok
22:20:17.0338 6112  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvix86.sys
22:20:17.0353 6112  IDSVix86 - ok
22:20:17.0400 6112  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:20:17.0400 6112  iirsp - ok
22:20:17.0447 6112  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:20:17.0447 6112  IKEEXT - ok
22:20:17.0650 6112  [ 1F10ED6F98C57EFB4E7FB9972B2DBB71 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:20:17.0665 6112  IntcAzAudAddService - ok
22:20:17.0696 6112  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:20:17.0696 6112  intelide - ok
22:20:17.0759 6112  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:20:17.0759 6112  intelppm - ok
22:20:17.0852 6112  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:20:17.0852 6112  IPBusEnum - ok
22:20:17.0899 6112  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:20:17.0899 6112  IpFilterDriver - ok
22:20:17.0930 6112  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:20:17.0930 6112  iphlpsvc - ok
22:20:17.0946 6112  IpInIp - ok
22:20:17.0977 6112  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:20:17.0977 6112  IPMIDRV - ok
22:20:18.0024 6112  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:20:18.0024 6112  IPNAT - ok
22:20:18.0102 6112  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:20:18.0102 6112  iPod Service - ok
22:20:18.0149 6112  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:20:18.0149 6112  IRENUM - ok
22:20:18.0149 6112  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:20:18.0149 6112  isapnp - ok
22:20:18.0195 6112  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:20:18.0195 6112  iScsiPrt - ok
22:20:18.0227 6112  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:20:18.0227 6112  iteatapi - ok
22:20:18.0227 6112  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:20:18.0227 6112  iteraid - ok
22:20:18.0273 6112  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:20:18.0273 6112  kbdclass - ok
22:20:18.0305 6112  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:20:18.0305 6112  kbdhid - ok
22:20:18.0336 6112  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:20:18.0336 6112  KeyIso - ok
22:20:18.0383 6112  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:20:18.0398 6112  KSecDD - ok
22:20:18.0445 6112  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:20:18.0445 6112  KtmRm - ok
22:20:18.0492 6112  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:20:18.0492 6112  LanmanServer - ok
22:20:18.0507 6112  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:20:18.0523 6112  LanmanWorkstation - ok
22:20:18.0601 6112  [ 9582504591A9F405F7505FEFB4F64123 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
22:20:18.0617 6112  LBTServ - ok
22:20:18.0679 6112  [ 05D6B85ECC3204931923AB7940B9596E ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:20:18.0679 6112  LHidFilt - ok
22:20:18.0726 6112  [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:20:18.0726 6112  LightScribeService - ok
22:20:18.0757 6112  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:20:18.0757 6112  lltdio - ok
22:20:18.0788 6112  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:20:18.0804 6112  lltdsvc - ok
22:20:18.0835 6112  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:20:18.0835 6112  lmhosts - ok
22:20:18.0851 6112  [ 053DBCC1082FDF74AB145A71917A6556 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:20:18.0851 6112  LMouFilt - ok
22:20:18.0897 6112  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:20:18.0897 6112  LSI_FC - ok
22:20:18.0897 6112  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:20:18.0897 6112  LSI_SAS - ok
22:20:18.0913 6112  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:20:18.0913 6112  LSI_SCSI - ok
22:20:18.0944 6112  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
22:20:18.0944 6112  luafv - ok
22:20:18.0975 6112  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:20:18.0975 6112  Mcx2Svc - ok
22:20:18.0991 6112  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
22:20:18.0991 6112  megasas - ok
22:20:19.0022 6112  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
22:20:19.0022 6112  MMCSS - ok
22:20:19.0069 6112  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
22:20:19.0069 6112  Modem - ok
22:20:19.0116 6112  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
22:20:19.0116 6112  MODEMCSA - ok
22:20:19.0131 6112  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:20:19.0131 6112  monitor - ok
22:20:19.0163 6112  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:20:19.0163 6112  mouclass - ok
22:20:19.0163 6112  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:20:19.0163 6112  mouhid - ok
22:20:19.0209 6112  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:20:19.0209 6112  MountMgr - ok
22:20:19.0256 6112  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:20:19.0256 6112  MozillaMaintenance - ok
22:20:19.0303 6112  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:20:19.0303 6112  mpio - ok
22:20:19.0334 6112  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:20:19.0334 6112  mpsdrv - ok
22:20:19.0397 6112  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:20:19.0412 6112  MpsSvc - ok
22:20:19.0412 6112  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:20:19.0412 6112  Mraid35x - ok
22:20:19.0443 6112  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:20:19.0459 6112  MRxDAV - ok
22:20:19.0475 6112  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:20:19.0490 6112  mrxsmb - ok
22:20:19.0521 6112  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:20:19.0521 6112  mrxsmb10 - ok
22:20:19.0553 6112  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:20:19.0553 6112  mrxsmb20 - ok
22:20:19.0584 6112  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:20:19.0584 6112  msahci - ok
22:20:19.0599 6112  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:20:19.0615 6112  msdsm - ok
22:20:19.0646 6112  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
22:20:19.0646 6112  MSDTC - ok
22:20:19.0693 6112  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:20:19.0693 6112  Msfs - ok
22:20:19.0709 6112  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:20:19.0709 6112  msisadrv - ok
22:20:19.0755 6112  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:20:19.0771 6112  MSiSCSI - ok
22:20:19.0771 6112  msiserver - ok
22:20:19.0818 6112  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:20:19.0818 6112  MSKSSRV - ok
22:20:19.0833 6112  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:20:19.0833 6112  MSPCLOCK - ok
22:20:19.0865 6112  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:20:19.0865 6112  MSPQM - ok
22:20:19.0927 6112  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:20:19.0943 6112  MsRPC - ok
22:20:19.0989 6112  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:20:19.0989 6112  mssmbios - ok
22:20:20.0114 6112  MSSQL$SQLEXPRESS - ok
22:20:20.0348 6112  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:20:20.0348 6112  MSSQLServerADHelper100 - ok
22:20:20.0379 6112  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:20:20.0395 6112  MSTEE - ok
22:20:20.0426 6112  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:20:20.0426 6112  Mup - ok
22:20:20.0691 6112  [ 241BD3019FB31E812A51B31B06906335 ] N360            C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
22:20:20.0691 6112  N360 - ok
22:20:20.0723 6112  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:20:20.0723 6112  napagent - ok
22:20:20.0785 6112  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:20:20.0816 6112  NativeWifiP - ok
22:20:20.0879 6112  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130715.003\NAVENG.SYS
22:20:20.0894 6112  NAVENG - ok
22:20:21.0144 6112  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130715.003\NAVEX15.SYS
22:20:21.0159 6112  NAVEX15 - ok
22:20:21.0253 6112  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:20:21.0269 6112  NDIS - ok
22:20:21.0315 6112  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:20:21.0315 6112  NdisTapi - ok
22:20:21.0347 6112  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:20:21.0362 6112  Ndisuio - ok
22:20:21.0409 6112  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:21.0425 6112  NdisWan - ok
22:20:21.0503 6112  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:20:21.0503 6112  NDProxy - ok
22:20:21.0549 6112  [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:20:21.0549 6112  Net Driver HPZ12 - ok
22:20:21.0581 6112  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:20:21.0596 6112  NetBIOS - ok
22:20:21.0643 6112  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:20:21.0658 6112  netbt - ok
22:20:21.0674 6112  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:20:21.0690 6112  Netlogon - ok
22:20:21.0721 6112  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:20:21.0721 6112  Netman - ok
22:20:21.0799 6112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:20:21.0814 6112  NetMsmqActivator - ok
22:20:21.0814 6112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:20:21.0814 6112  NetPipeActivator - ok
22:20:21.0861 6112  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:20:21.0861 6112  netprofm - ok
22:20:21.0877 6112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:20:21.0877 6112  NetTcpActivator - ok
22:20:21.0877 6112  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:20:21.0877 6112  NetTcpPortSharing - ok
22:20:22.0142 6112  [ 25ACCCFC33DD448B9D3037C5E439E830 ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
22:20:22.0220 6112  NETw4v32 - ok
22:20:22.0579 6112  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
22:20:22.0657 6112  NETw5v32 - ok
22:20:22.0688 6112  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:20:22.0688 6112  nfrd960 - ok
22:20:22.0719 6112  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:20:22.0719 6112  NlaSvc - ok
22:20:22.0750 6112  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:20:22.0750 6112  Npfs - ok
22:20:22.0797 6112  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
22:20:22.0797 6112  nsi - ok
22:20:22.0844 6112  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:20:22.0844 6112  nsiproxy - ok
22:20:22.0906 6112  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:20:22.0938 6112  Ntfs - ok
22:20:22.0969 6112  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:20:23.0000 6112  ntrigdigi - ok
22:20:23.0031 6112  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:20:23.0031 6112  Null - ok
22:20:23.0608 6112  [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:20:23.0718 6112  nvlddmkm - ok
22:20:23.0764 6112  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:20:23.0764 6112  nvraid - ok
22:20:23.0764 6112  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:20:23.0764 6112  nvstor - ok
22:20:23.0842 6112  [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:20:23.0858 6112  nvsvc - ok
22:20:23.0874 6112  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:20:35.0370 6104  Detected object count: 0
22:20:35.0370 6104  Actual detected object count: 0
22:20:47.0491 5860  Deinitialize success

 

The logs for MBAR and ComboFix are attached.

mbar-log-2013-07-16 (22-23-32).txt

mbar-log-2013-07-17 (06-18-08).txt

system-log.txt

ComboFix.txt


Things look a whole lot better. Let's run some more scans to verify there isn't anything left:

 

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

 

----------Step 4 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


Still have a little more to do, but we're nearly there.

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.

     

    :OTL
    [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


I ran the OTL script you posted above again and got the following.

 

 

All processes killed
========== OTL ==========
File C:\Windows\assembly\Desktop.ini not found.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
File rity] not found.
File ptytemp] not found.
File ptyjava] not found.
File ptyflash] not found.
File boot] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 07182013_182017

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

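A way to check whether a pasted fix actually ran, using lines copied from the fix script and the result log in the two posts above (an added example, not part of the thread and not OTL's own code). Every registry key and command in the log is reported as a missing file under a name that is the script line minus its first three characters, so those lines were looked up as paths rather than executed. The function names and the `max_drop` window are assumptions made for this illustration.

```python
import re

# Lines copied from the fix script and the result log posted in this thread.
FIX_SCRIPT = r"""
:OTL
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
:Commands
[purity]
[emptytemp]
[Reboot]
"""
RESULT_LOG = r"""
File C:\Windows\assembly\Desktop.ini not found.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
File rity] not found.
File ptytemp] not found.
File boot] not found.
"""

# "File <name> not found." / "Folder <name>\ not found." as printed in the log above.
NOT_FOUND = re.compile(r"^(?:File|Folder) (.+?)\\? not found\.$")

def reported_names(log):
    """Names the tool looked up on disk and reported as missing."""
    return {m.group(1) for line in log.splitlines()
            if (m := NOT_FOUND.match(line.strip()))}

def misparsed_lines(script, log, max_drop=4):
    """Return (script_line, dropped_prefix) for every bracketed script line
    that the log reports as a missing file under a truncated name."""
    names = reported_names(log)
    hits = []
    for line in (l.strip() for l in script.splitlines()):
        if not line.startswith("["):
            continue  # section headers such as :OTL are not entries
        for k in range(1, max_drop + 1):
            if line[k:] in names:
                hits.append((line, line[:k]))
                break
    return hits

if __name__ == "__main__":
    for line, prefix in misparsed_lines(FIX_SCRIPT, RESULT_LOG):
        print(f"treated as a path (lost {prefix!r}): {line}")
```

The `Desktop.ini` entry is not flagged: it was looked up under its full path, so its "not found" is a genuine file lookup rather than a misread line.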

Okay no worries.

 

Let's see what programs of yours need updating:

 

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

 Results of screen317's Security Check version 0.99.70 

 Windows Vista Service Pack 2 x86 (UAC is disabled!) 

 Internet Explorer 9 

 Internet Explorer 8 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Disabled! 

Norton Security Suite  

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 Java 6 Update 27 

 Java SE Development Kit 6 Update 27

 Java DB 10.6.2.1  

 Java version out of Date!

 Adobe Flash Player  11.7.700.224 

 Adobe Reader 10.1.7 Adobe Reader out of Date! 

 Mozilla Firefox 12.0 Firefox out of Date! 

````````Process Check: objlist.exe by Laurent```````` 

 Norton ccSvcHst.exe

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

 

---------

Upgrade Java : (32 bits) (Note: the latest version 7u25)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u3-windows-x32.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")

---------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

---------

 

Firefox is out of date. Using an outdated version of a web browser leaves you extremely vulnerable to malware!
Please visit the Mozilla site and update it to the latest version.

 

---------

Please let me know how the updates went, as failed updates may be due to malware.


That error is pretty common. Let me know if you have any other problems with it and we'll take a further look.

 

-------

 

Glad to hear the updates went successfully!

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.


-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG
Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available


A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.


---------------------------------------------------------



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:
paypal.gif
Every little bit helps. :)

-DFB
 


I've deleted the ComboFix shortcut. Is there another way to uninstall it? When I use Run it tells me that it cannot be found. Also, can I just delete JRT, SecurityCheck, and ESET, or is there a particular way I need to remove them? Finally, can I go ahead and delete all the log files these programs have generated?


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.