Malware downloaded

(In Progress)

clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
31-Mar-2013, 06:04 AM #1
Malware downloaded
Hello

I downloaded a program that was marked safe by Norton. However it downloaded some malware with it and changed my home page to delta search, as well as blank tabs to delta search. The computer program processing and internet speed has slowed down so I suspect more programs (malware/viruses) have been downloaded. Also, five programs were downloaded - Browser Protect, Delta Chrome Toolbar, Delta Toolbar, Gorilla Price, Yontoo 2.51. Additionally a window that won't go away keeps coming up with "BrowserProtect.exe has stopped working". Finally, the above five programs are running processes - when closed in Task Manager (windows vista) they come back - hence I think they are malware.

I was cautious about just deleting the programs installed listed above as I've had damage done to my computer previously when this happened about a year ago. Additionally I don't know how to stop the message above reappearing. Also, as mentioned, I think I have additional (undetected) malware downloaded.

I've run a Norton Scan but it has only detected tracking cookies and deleted these. Nothing else is detected, and the latest virus etc. definitions were downloaded prior to starting the scan.

I've added the logs requested in the "read this before posting" file as attachments as the previous post I attempted was deemed too long (i.e. over 300000 characters). Sorry - I hope this is ok, otherwise I can re-post them individually.

Help would be greatly appreciated.

Thanks
dvk01 (Derek)
dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
31-Mar-2013, 06:17 AM #2
Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
dvk01 (Derek)
dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
31-Mar-2013, 06:18 AM #3
then
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
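An added example, not part of the thread and not code from AdwCleaner or the forum: a small triage script for the AdwCleaner [Search] log requested in post #2, which separates autostart mechanisms (services, scheduled tasks, AppInit_DLLs) from inert leftovers. The section and "Found :" line formats follow the log posted later in this thread; the sample log is constructed, and the category names and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the AdwCleaner v2 [Search] log format
# shown in this thread. The AppInit_DLLs path is a made-up placeholder.
SAMPLE_LOG = r"""# AdwCleaner v2.115 - Logfile created 03/31/2013 at 12:20:10
# Option [Search]

***** [Services] *****

Found : BrowserProtect
Found : Yontoo Desktop Updater

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\ProgramData\BrowserProtect

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\example\example.dll
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKCU\Software\Delta

***** [Internet Browsers] *****

-\\ Mozilla Firefox v19.0.2 (en-US)

Found : user_pref("browser.search.selectedEngine", "Delta Search");
"""

# "***** [Section name] *****" headers and "<kind> Found : <item>" findings.
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
FINDING_RE = re.compile(
    r"^(?P<kind>(?:File |Folder |Key |Value |Data )?Found) : (?P<item>.+)$"
)

# Lower-cased substrings that identify where a registry finding lives.
MARKERS = [
    ("[appinit_dlls]", "appinit_dll"),
    (r"\schedule\taskcache\tree", "scheduled_task"),
    (r"\browser helper objects", "browser_helper_object"),
    (r"\google\chrome\extensions", "chrome_extension"),
]

# Mechanisms that start code without the user launching it, so they are the
# first place to look when a killed process reappears.
RESPAWN = ("service", "scheduled_task", "appinit_dll")


def parse_log(text):
    """Return a list of (section, kind, item) tuples from a search log."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        finding = FINDING_RE.match(line)
        if finding and section:  # ignore anything before the first section
            findings.append((section, finding.group("kind"), finding.group("item")))
    return findings


def classify(section, item):
    """Map one finding to a category used for triage."""
    low = item.lower()
    if section == "Services":
        return "service"
    for marker, label in MARKERS:
        if marker in low:
            return label
    if low.startswith("user_pref("):
        return "browser_pref"
    return "leftover"  # files, folders and keys with no autostart role


def triage(text):
    """Group findings by category, preserving log order within each group."""
    groups = defaultdict(list)
    for section, _kind, item in parse_log(text):
        groups[classify(section, item)].append(item)
    return dict(groups)


def respawn_candidates(text):
    """Return only the categories that can restart or reload the software."""
    groups = triage(text)
    return {name: groups[name] for name in RESPAWN if name in groups}


if __name__ == "__main__":
    for category, items in respawn_candidates(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```
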
clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
31-Mar-2013, 07:39 AM #4
Ok, have run both scans and am posting the logs:-
1) adwCleaner[R1].txt
# AdwCleaner v2.115 - Logfile created 03/31/2013 at 12:20:10
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : a - P-PC
# Boot Mode : Normal
# Running from : C:\Users\a\Desktop\security\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : BrowserProtect
Found : Yontoo Desktop Updater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\bprotector_extensions.sqlite
File Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\bprotector_prefs.js
File Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\searchplugins\delta.xml
Folder Found : C:\Program Files\Delta
Folder Found : C:\Program Files\NetNucleous
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\a\appData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\a\appData\LocalLow\boost_interprocess
Folder Found : C:\Users\a\appData\Roaming\BabSolution
Folder Found : C:\Users\a\appData\Roaming\Babylon
Folder Found : C:\Users\a\appData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\extensions\ffxtlbr@delta.com
Folder Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\extensions\plugin@yontoo.com
Folder Found : C:\Users\a\appData\Roaming\Yontoo
Folder Found : C:\Users\a\appData\Roaming\yourfiledownloader

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\5808c88e56abe45
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\NetNucleous
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\NetNucleous
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\5808c88e56abe45
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKU\S-1-5-21-2887509634-308989567-3342084679-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\prefs.js

Found : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119842&tt=190313_wo1&bab[...]
Found : user_pref("avg.install.userSPSettings", "Delta Search");
Found : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119842&tt=190313_wo1&babsrc=NT_s[...]
Found : user_pref("browser.search.selectedEngine", "Delta Search");
Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.id", "36baafb4000000000000001c254fb278");
Found : user_pref("extensions.delta.instlDay", "15794");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.smplGrp", "none");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.10.0");
Found : user_pref("extensions.delta.vrsni", "1.8.10.0");
Found : user_pref("extensions.delta.vrsnTs", "1.8.10.016:52:25");
Found : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Found : user_pref("extentions.y2layers.installId", "62281d57-6761-4500-a1db-9ac1121070c4");

*************************

AdwCleaner[R1].txt - [11199 octets] - [31/03/2013 12:20:10]

########## EOF - C:\AdwCleaner[R1].txt - [11260 octets] ##########





2) TDSSKiller.2.8.16.0_31.03.2013_12.18.12_log
12:18:12.0977 1556 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
12:18:13.0913 1556 ============================================================
12:18:13.0913 1556 Current date / time: 2013/03/31 12:18:13.0913
12:18:13.0913 1556 SystemInfo:
12:18:13.0913 1556
12:18:13.0913 1556 OS Version: 6.0.6002 ServicePack: 2.0
12:18:13.0913 1556 Product type: Workstation
12:18:13.0913 1556 ComputerName: P-PC
12:18:13.0913 1556 UserName: a
12:18:13.0913 1556 Windows directory: C:\Windows
12:18:13.0913 1556 System windows directory: C:\Windows
12:18:13.0913 1556 Processor architecture: Intel x86
12:18:13.0913 1556 Number of processors: 4
12:18:13.0913 1556 Page size: 0x1000
12:18:13.0913 1556 Boot type: Normal boot
12:18:13.0913 1556 ============================================================
12:18:15.0239 1556 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:18:15.0254 1556 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xB5B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
12:18:15.0301 1556 ============================================================
12:18:15.0301 1556 \Device\Harddisk0\DR0:
12:18:15.0317 1556 MBR partitions:
12:18:15.0317 1556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1000800, BlocksNum 0x28EB2800
12:18:15.0317 1556 \Device\Harddisk1\DR1:
12:18:15.0332 1556 MBR partitions:
12:18:15.0332 1556 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x29EB2000
12:18:15.0332 1556 ============================================================
12:18:15.0364 1556 C: <-> \Device\Harddisk0\DR0\Partition1
12:18:15.0395 1556 D: <-> \Device\Harddisk1\DR1\Partition1
12:18:15.0410 1556 ============================================================
12:18:15.0410 1556 Initialize success
12:18:15.0410 1556 ============================================================
12:18:24.0724 5076 ============================================================
12:18:24.0724 5076 Scan started
12:18:24.0724 5076 Mode: Manual;
12:18:24.0724 5076 ============================================================
12:18:25.0878 5076 ================ Scan system memory ========================
12:18:25.0878 5076 System memory - ok
12:18:32.0789 5076 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:18:32.0789 5076 IPNAT - ok
12:18:32.0836 5076 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:18:32.0836 5076 IRENUM - ok
12:18:32.0851 5076 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:18:32.0851 5076 isapnp - ok
12:18:32.0898 5076 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:18:32.0898 5076 iScsiPrt - ok
12:18:32.0929 5076 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:18:32.0929 5076 iteatapi - ok
12:18:32.0945 5076 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:18:32.0945 5076 iteraid - ok
12:18:32.0976 5076 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:18:32.0976 5076 kbdclass - ok
12:18:33.0007 5076 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:18:33.0007 5076 kbdhid - ok
12:18:33.0054 5076 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
12:18:33.0054 5076 KeyIso - ok
12:18:33.0116 5076 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:18:33.0116 5076 KSecDD - ok
12:18:33.0194 5076 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
12:18:33.0210 5076 KtmRm - ok
12:18:33.0241 5076 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
12:18:33.0241 5076 LanmanServer - ok
12:18:33.0288 5076 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:18:33.0288 5076 LanmanWorkstation - ok
12:18:33.0319 5076 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
12:18:33.0319 5076 lirsgt - ok
12:18:33.0366 5076 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:18:33.0366 5076 lltdio - ok
12:18:33.0413 5076 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:18:33.0413 5076 lltdsvc - ok
12:18:33.0428 5076 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:18:33.0428 5076 lmhosts - ok
12:18:33.0460 5076 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:18:33.0460 5076 LSI_FC - ok
12:18:33.0491 5076 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:18:33.0491 5076 LSI_SAS - ok
12:18:33.0522 5076 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:18:33.0538 5076 LSI_SCSI - ok
12:18:33.0569 5076 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
12:18:33.0569 5076 luafv - ok
12:18:33.0662 5076 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
12:18:33.0662 5076 massfilter - ok
12:18:33.0694 5076 [ AF61A1C34E2D3F7543F9CCFC323170B8 ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
12:18:33.0694 5076 mcdbus - ok
12:18:33.0725 5076 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:18:33.0725 5076 Mcx2Svc - ok
12:18:33.0756 5076 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
12:18:33.0756 5076 megasas - ok
12:18:33.0834 5076 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:18:33.0834 5076 Microsoft Office Groove Audit Service - ok
12:18:33.0865 5076 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
12:18:33.0865 5076 MMCSS - ok
12:18:33.0896 5076 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
12:18:33.0896 5076 Modem - ok
12:18:33.0943 5076 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:18:33.0943 5076 monitor - ok
12:18:33.0974 5076 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:18:33.0974 5076 mouclass - ok
12:18:33.0990 5076 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:18:33.0990 5076 mouhid - ok
12:18:34.0037 5076 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:18:34.0037 5076 MountMgr - ok
12:18:34.0099 5076 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:18:34.0099 5076 MozillaMaintenance - ok
12:18:34.0130 5076 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
12:18:34.0130 5076 mpio - ok
12:18:34.0162 5076 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:18:34.0177 5076 mpsdrv - ok
12:18:34.0208 5076 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
12:18:34.0224 5076 MpsSvc - ok
12:18:34.0240 5076 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:18:34.0240 5076 Mraid35x - ok
12:18:34.0286 5076 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:18:34.0286 5076 MRxDAV - ok
12:18:34.0318 5076 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:18:34.0318 5076 mrxsmb - ok
12:18:34.0364 5076 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:18:34.0364 5076 mrxsmb10 - ok
12:18:34.0380 5076 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:18:34.0380 5076 mrxsmb20 - ok
12:18:34.0396 5076 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
12:18:34.0396 5076 msahci - ok
12:18:34.0427 5076 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:18:34.0427 5076 msdsm - ok
12:18:34.0458 5076 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
12:18:34.0458 5076 MSDTC - ok
12:18:34.0505 5076 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:18:34.0505 5076 Msfs - ok
12:18:34.0536 5076 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:18:34.0536 5076 msisadrv - ok
12:18:34.0598 5076 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:18:34.0598 5076 MSiSCSI - ok
12:18:34.0614 5076 msiserver - ok
12:18:34.0645 5076 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:18:34.0661 5076 MSKSSRV - ok
12:18:34.0739 5076 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:18:34.0739 5076 MSPCLOCK - ok
12:18:34.0754 5076 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:18:34.0754 5076 MSPQM - ok
12:18:34.0801 5076 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:18:34.0801 5076 MsRPC - ok
12:18:34.0848 5076 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:18:34.0848 5076 mssmbios - ok
12:18:34.0864 5076 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:18:34.0864 5076 MSTEE - ok
12:18:34.0895 5076 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
12:18:34.0910 5076 Mup - ok
12:18:34.0942 5076 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
12:18:34.0942 5076 N360 - ok
12:18:35.0004 5076 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
12:18:35.0035 5076 napagent - ok
12:18:35.0098 5076 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:18:35.0098 5076 NativeWifiP - ok
12:18:35.0176 5076 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130330.009\NAVENG.SYS
12:18:35.0191 5076 NAVENG - ok
12:18:35.0238 5076 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130330.009\NAVEX15.SYS
12:18:35.0285 5076 NAVEX15 - ok
12:18:35.0347 5076 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:18:35.0363 5076 NDIS - ok
12:18:35.0394 5076 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:18:35.0394 5076 NdisTapi - ok
12:18:35.0441 5076 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:18:35.0441 5076 Ndisuio - ok
12:18:35.0472 5076 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:18:35.0472 5076 NdisWan - ok
12:18:35.0503 5076 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:18:35.0519 5076 NDProxy - ok
12:18:35.0550 5076 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:18:35.0550 5076 NetBIOS - ok
12:18:35.0597 5076 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:18:35.0597 5076 netbt - ok
12:18:35.0659 5076 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
12:18:35.0675 5076 Netlogon - ok
12:18:35.0706 5076 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
12:18:35.0722 5076 Netman - ok
12:18:35.0768 5076 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
12:18:35.0784 5076 netprofm - ok
12:18:35.0800 5076 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:18:35.0800 5076 NetTcpPortSharing - ok
12:18:35.0831 5076 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:18:35.0831 5076 nfrd960 - ok
12:18:35.0878 5076 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:18:35.0878 5076 NlaSvc - ok
12:18:35.0924 5076 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:18:35.0924 5076 Npfs - ok
12:18:35.0971 5076 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
12:18:35.0971 5076 nsi - ok
12:18:36.0002 5076 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:18:36.0002 5076 nsiproxy - ok
12:18:36.0065 5076 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:18:36.0112 5076 Ntfs - ok
12:18:36.0143 5076 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:18:36.0143 5076 ntrigdigi - ok
12:18:36.0174 5076 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
12:18:36.0174 5076 Null - ok
12:18:36.0205 5076 [ 3D7FB57354703809B5F0C23287FAC1D6 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
12:18:36.0205 5076 NVHDA - ok
12:18:36.0502 5076 [ F452E6AD3EDA2852F44BE492E283C40F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:18:36.0736 5076 nvlddmkm - ok
12:18:36.0767 5076 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:18:36.0767 5076 nvraid - ok
12:18:36.0798 5076 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:18:36.0798 5076 nvstor - ok
12:18:36.0860 5076 [ 70145ADE9EFE2CE296DD5FC761B4969B ] nvsvc C:\Windows\system32\nvvsvc.exe
12:18:36.0876 5076 nvsvc - ok
12:18:37.0032 5076 [ D3ACC38A963B71BD4D2DFDC1050219B9 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:18:37.0094 5076 nvUpdatusService - ok
12:18:37.0141 5076 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:18:37.0141 5076 nv_agp - ok
12:18:37.0141 5076 NwlnkFlt - ok
12:18:37.0141 5076 NwlnkFwd - ok
12:18:37.0219 5076 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:18:37.0235 5076 odserv - ok
12:18:37.0297 5076 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:18:37.0297 5076 ohci1394 - ok
12:18:37.0375 5076 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:18:37.0375 5076 ose - ok
12:18:37.0438 5076 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:18:37.0469 5076 p2pimsvc - ok
12:18:37.0500 5076 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:18:37.0500 5076 p2psvc - ok
12:18:37.0547 5076 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
12:18:37.0547 5076 Parport - ok
12:18:37.0578 5076 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:18:37.0594 5076 partmgr - ok
12:18:37.0625 5076 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:18:37.0625 5076 Parvdm - ok
12:18:37.0640 5076 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:18:37.0656 5076 PcaSvc - ok
12:18:37.0734 5076 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
12:18:37.0734 5076 pci - ok
12:18:37.0750 5076 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
12:18:37.0765 5076 pciide - ok
12:18:37.0781 5076 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:18:37.0781 5076 pcmcia - ok
12:18:37.0859 5076 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:18:37.0890 5076 PEAUTH - ok
12:18:37.0952 5076 [ 9F2F541C52CD7A452E235E885F7D95DE ] Ph3xIB32 C:\Windows\system32\DRIVERS\Ph3xIB32.sys
12:18:38.0015 5076 Ph3xIB32 - ok
12:18:38.0077 5076 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:18:38.0124 5076 pla - ok
12:18:38.0171 5076 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:18:38.0186 5076 PlugPlay - ok
12:18:38.0218 5076 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
12:18:38.0218 5076 PnkBstrA - ok
12:18:38.0249 5076 [ D9D44F1A45EDE8029C40A8E88F8713E6 ] PnkBstrB C:\Windows\system32\PnkBstrB.exe
12:18:38.0249 5076 PnkBstrB - ok
12:18:38.0296 5076 [ 916DD8085D9DF86A1F9D2A7F27C859FC ] PnkBstrK C:\Windows\system32\drivers\PnkBstrK.sys
12:18:38.0296 5076 PnkBstrK - ok
12:18:38.0342 5076 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:18:38.0342 5076 PNRPAutoReg - ok
12:18:38.0374 5076 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:18:38.0374 5076 PNRPsvc - ok
12:18:38.0420 5076 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:18:38.0436 5076 PolicyAgent - ok
12:18:38.0467 5076 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:18:38.0467 5076 PptpMiniport - ok
12:18:38.0498 5076 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
12:18:38.0498 5076 Processor - ok
12:18:38.0530 5076 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:18:38.0530 5076 ProfSvc - ok
12:18:38.0545 5076 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:18:38.0545 5076 ProtectedStorage - ok
12:18:38.0592 5076 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:18:38.0592 5076 PSched - ok
12:18:38.0592 5076 [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:18:38.0608 5076 PxHelp20 - ok
12:18:38.0732 5076 [ BE56F88419AE7588B0756C0439366739 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:18:38.0748 5076 QBCFMonitorService - ok
12:18:38.0810 5076 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:18:38.0810 5076 QBFCService - ok
12:18:38.0904 5076 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:18:38.0951 5076 ql2300 - ok
12:18:38.0998 5076 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:18:38.0998 5076 ql40xx - ok
12:18:39.0029 5076 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:18:39.0029 5076 QWAVE - ok
12:18:39.0060 5076 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:18:39.0060 5076 QWAVEdrv - ok
12:18:39.0091 5076 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:18:39.0091 5076 RasAcd - ok
12:18:39.0122 5076 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:18:39.0122 5076 RasAuto - ok
12:18:39.0154 5076 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:18:39.0169 5076 Rasl2tp - ok
12:18:39.0200 5076 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
12:18:39.0216 5076 RasMan - ok
12:18:39.0247 5076 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:18:39.0247 5076 RasPppoe - ok
12:18:39.0278 5076 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:18:39.0294 5076 RasSstp - ok
12:18:39.0325 5076 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:18:39.0325 5076 rdbss - ok
12:18:39.0356 5076 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:18:39.0356 5076 RDPCDD - ok
12:18:39.0403 5076 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:18:39.0403 5076 rdpdr - ok
12:18:39.0403 5076 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:18:39.0419 5076 RDPENCDD - ok
12:18:39.0450 5076 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:18:39.0466 5076 RDPWD - ok
12:18:39.0512 5076 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:18:39.0512 5076 RemoteAccess - ok
12:18:39.0559 5076 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:18:39.0575 5076 RemoteRegistry - ok
12:18:39.0637 5076 [ 9638E5820858593A12005C753B03CEAE ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:18:39.0715 5076 RoxMediaDB9 - ok
12:18:39.0731 5076 [ 910FBA95EE4F56449AA81315884C8EFD ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:18:39.0731 5076 RoxWatch9 - ok
12:18:39.0746 5076 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
12:18:39.0762 5076 RpcLocator - ok
12:18:39.0809 5076 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
12:18:39.0809 5076 RpcSs - ok
12:18:39.0840 5076 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:18:39.0840 5076 rspndr - ok
12:18:39.0871 5076 [ 959EF612D2CCFDB6D9E443F8E3655013 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
12:18:39.0871 5076 RTL8023xp - ok
12:18:39.0934 5076 [ D5D2E9F785FDA3C1E021FDE9F218C7F5 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
12:18:39.0949 5076 RTL8187B - ok
12:18:39.0980 5076 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
12:18:39.0980 5076 RtlProt - ok
12:18:39.0996 5076 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
12:18:39.0996 5076 SamSs - ok
12:18:40.0012 5076 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:18:40.0012 5076 sbp2port - ok
12:18:40.0058 5076 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:18:40.0058 5076 SCardSvr - ok
12:18:40.0121 5076 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
12:18:40.0136 5076 Schedule - ok
12:18:40.0152 5076 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:18:40.0152 5076 SCPolicySvc - ok
12:18:40.0199 5076 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:18:40.0199 5076 SDRSVC - ok
12:18:40.0214 5076 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:18:40.0230 5076 secdrv - ok
12:18:40.0261 5076 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
12:18:40.0261 5076 seclogon - ok
12:18:40.0308 5076 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
12:18:40.0308 5076 SENS - ok
12:18:40.0324 5076 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:18:40.0324 5076 Serenum - ok
12:18:40.0339 5076 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
12:18:40.0339 5076 Serial - ok
12:18:40.0386 5076 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:18:40.0386 5076 sermouse - ok
12:18:40.0433 5076 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:18:40.0448 5076 SessionEnv - ok
12:18:40.0464 5076 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:18:40.0464 5076 sffdisk - ok
12:18:40.0480 5076 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:18:40.0480 5076 sffp_mmc - ok
12:18:40.0511 5076 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:18:40.0511 5076 sffp_sd - ok
12:18:40.0526 5076 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:18:40.0526 5076 sfloppy - ok
12:18:40.0604 5076 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:18:40.0604 5076 SharedAccess - ok
12:18:40.0667 5076 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:18:40.0667 5076 ShellHWDetection - ok
12:18:40.0745 5076 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:18:40.0745 5076 SiSRaid2 - ok
12:18:40.0760 5076 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:18:40.0760 5076 SiSRaid4 - ok
12:18:40.0870 5076 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
12:18:40.0948 5076 slsvc - ok
12:18:40.0994 5076 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:18:40.0994 5076 SLUINotify - ok
12:18:41.0041 5076 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:18:41.0041 5076 Smb - ok
12:18:41.0072 5076 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:18:41.0072 5076 SNMPTRAP - ok
12:18:41.0119 5076 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
12:18:41.0119 5076 spldr - ok
12:18:41.0166 5076 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
12:18:41.0166 5076 Spooler - ok
12:18:41.0213 5076 [ A80CD850D69D996C832BEA37E3A6AA1E ] sptd C:\Windows\system32\Drivers\sptd.sys
12:18:41.0213 5076 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A80CD850D69D996C832BEA37E3A6AA1E
12:18:41.0213 5076 sptd ( LockedFile.Multi.Generic ) - warning
12:18:41.0213 5076 sptd - detected LockedFile.Multi.Generic (1)
12:18:44.0489 5076 vga - ok
12:18:44.0520 5076 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
12:18:44.0520 5076 VgaSave - ok
12:18:44.0536 5076 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:18:44.0536 5076 viaagp - ok
12:18:44.0567 5076 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:18:44.0567 5076 ViaC7 - ok
12:18:44.0629 5076 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
12:18:44.0629 5076 viaide - ok
12:18:44.0676 5076 [ 144C61A38DFD5CBDF6D7DC828EA46FCD ] vodafone_K380x-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys
12:18:44.0676 5076 vodafone_K380x-z_dc_enum - ok
12:18:44.0723 5076 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:18:44.0723 5076 volmgr - ok
12:18:44.0770 5076 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:18:44.0785 5076 volmgrx - ok
12:18:44.0848 5076 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:18:44.0848 5076 volsnap - ok
12:18:44.0894 5076 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:18:44.0894 5076 vsmraid - ok
12:18:44.0957 5076 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
12:18:44.0988 5076 VSS - ok
12:18:45.0050 5076 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
12:18:45.0050 5076 W32Time - ok
12:18:45.0082 5076 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:18:45.0082 5076 WacomPen - ok
12:18:45.0113 5076 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:18:45.0113 5076 Wanarp - ok
12:18:45.0113 5076 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:18:45.0113 5076 Wanarpv6 - ok
12:18:45.0175 5076 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:18:45.0191 5076 wcncsvc - ok
12:18:45.0206 5076 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:18:45.0222 5076 WcsPlugInService - ok
12:18:45.0253 5076 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
12:18:45.0253 5076 Wd - ok
12:18:45.0284 5076 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:18:45.0316 5076 Wdf01000 - ok
12:18:45.0362 5076 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:18:45.0362 5076 WdiServiceHost - ok
12:18:45.0378 5076 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:18:45.0378 5076 WdiSystemHost - ok
12:18:45.0425 5076 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
12:18:45.0425 5076 WebClient - ok
12:18:45.0472 5076 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:18:45.0503 5076 Wecsvc - ok
12:18:45.0534 5076 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:18:45.0534 5076 wercplsupport - ok
12:18:45.0596 5076 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
12:18:45.0596 5076 WerSvc - ok
12:18:45.0643 5076 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:18:45.0659 5076 WinDefend - ok
12:18:45.0659 5076 WinHttpAutoProxySvc - ok
12:18:45.0721 5076 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:18:45.0721 5076 Winmgmt - ok
12:18:45.0784 5076 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
12:18:45.0877 5076 WinRM - ok
12:18:45.0940 5076 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:18:45.0955 5076 Wlansvc - ok
12:18:45.0986 5076 [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:18:46.0002 5076 WmiAcpi - ok
12:18:46.0064 5076 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:18:46.0064 5076 wmiApSrv - ok
12:18:46.0127 5076 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:18:46.0142 5076 WMPNetworkSvc - ok
12:18:46.0189 5076 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:18:46.0189 5076 WPCSvc - ok
12:18:46.0236 5076 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:18:46.0252 5076 WPDBusEnum - ok
12:18:46.0283 5076 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:18:46.0283 5076 ws2ifsl - ok
12:18:46.0314 5076 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
12:18:46.0330 5076 wscsvc - ok
12:18:46.0330 5076 WSearch - ok
12:18:46.0423 5076 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:18:46.0486 5076 wuauserv - ok
12:18:46.0532 5076 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:18:46.0548 5076 WUDFRd - ok
12:18:46.0579 5076 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:18:46.0579 5076 wudfsvc - ok
12:18:46.0657 5076 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
12:18:46.0657 5076 Yontoo Desktop Updater - ok
12:18:46.0704 5076 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
12:18:46.0704 5076 ZTEusbmdm6k - ok
12:18:46.0735 5076 [ 453A60F8DC22FC296BC482CBF3EFF213 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
12:18:46.0735 5076 ZTEusbnet - ok
12:18:46.0798 5076 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
12:18:46.0798 5076 ZTEusbnmea - ok
12:18:46.0844 5076 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
12:18:46.0844 5076 ZTEusbser6k - ok
12:18:46.0876 5076 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
12:18:46.0891 5076 ZTEusbvoice - ok
12:18:46.0922 5076 ================ Scan global ===============================
12:18:46.0969 5076 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:18:47.0016 5076 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:18:47.0047 5076 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:18:47.0094 5076 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:18:47.0110 5076 [Global] - ok
12:18:47.0110 5076 ================ Scan MBR ==================================
12:18:47.0125 5076 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:18:47.0531 5076 \Device\Harddisk0\DR0 - ok
12:18:47.0562 5076 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
12:18:47.0562 5076 \Device\Harddisk1\DR1 - ok
12:18:47.0562 5076 ================ Scan VBR ==================================
12:18:47.0562 5076 [ C393A99FF47B742F69541788E31131B1 ] \Device\Harddisk0\DR0\Partition1
12:18:47.0562 5076 \Device\Harddisk0\DR0\Partition1 - ok
12:18:47.0578 5076 [ AD22EB355DF71AA5B5F00490EA2B3D72 ] \Device\Harddisk1\DR1\Partition1
12:18:47.0578 5076 \Device\Harddisk1\DR1\Partition1 - ok
12:18:47.0578 5076 ============================================================
12:18:47.0578 5076 Scan finished
12:18:47.0578 5076 ============================================================
12:18:47.0578 5224 Detected object count: 1
12:18:47.0578 5224 Actual detected object count: 1
12:21:06.0329 5224 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:21:06.0329 5224 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:42.0339 6504 ============================================================
12:21:42.0339 6504 Scan started
12:21:42.0339 6504 Mode: Manual;
12:21:42.0339 6504 ============================================================
12:21:42.0947 6504 ================ Scan system memory ========================
12:21:42.0947 6504 System memory - ok
12:21:42.0947 6504 ================ Scan services =============================
12:21:50.0029 6504 Mup - ok
12:21:50.0076 6504 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
12:21:50.0076 6504 N360 - ok
12:21:50.0123 6504 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
12:21:50.0139 6504 napagent - ok
12:21:50.0185 6504 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:21:50.0185 6504 NativeWifiP - ok
12:21:50.0263 6504 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130330.009\NAVENG.SYS
12:21:50.0263 6504 NAVENG - ok
12:21:50.0326 6504 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130330.009\NAVEX15.SYS
12:21:50.0373 6504 NAVEX15 - ok
12:21:50.0404 6504 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:21:50.0419 6504 NDIS - ok
12:21:50.0451 6504 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:21:50.0466 6504 NdisTapi - ok
12:21:50.0497 6504 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:21:50.0513 6504 Ndisuio - ok
12:21:50.0544 6504 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:21:50.0544 6504 NdisWan - ok
12:21:50.0575 6504 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:21:50.0575 6504 NDProxy - ok
12:21:50.0591 6504 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:21:50.0591 6504 NetBIOS - ok
12:21:50.0638 6504 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:21:50.0638 6504 netbt - ok
12:21:50.0669 6504 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
12:21:50.0669 6504 Netlogon - ok
12:21:50.0716 6504 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
12:21:50.0716 6504 Netman - ok
12:21:50.0763 6504 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
12:21:50.0778 6504 netprofm - ok
12:21:50.0809 6504 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:21:50.0825 6504 NetTcpPortSharing - ok
12:21:50.0872 6504 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:21:50.0887 6504 nfrd960 - ok
12:21:50.0919 6504 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:21:50.0950 6504 NlaSvc - ok
12:21:50.0997 6504 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:21:50.0997 6504 Npfs - ok
12:21:51.0043 6504 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
12:21:51.0043 6504 nsi - ok
12:21:51.0090 6504 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:21:51.0121 6504 nsiproxy - ok
12:21:51.0184 6504 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:21:51.0324 6504 Ntfs - ok
12:21:51.0355 6504 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:21:51.0371 6504 ntrigdigi - ok
12:21:51.0387 6504 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
12:21:51.0387 6504 Null - ok
12:21:51.0402 6504 [ 3D7FB57354703809B5F0C23287FAC1D6 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
12:21:51.0402 6504 NVHDA - ok
12:21:51.0683 6504 [ F452E6AD3EDA2852F44BE492E283C40F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:21:51.0917 6504 nvlddmkm - ok
12:21:51.0948 6504 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:21:51.0948 6504 nvraid - ok
12:21:51.0979 6504 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:21:51.0979 6504 nvstor - ok
12:21:52.0042 6504 [ 70145ADE9EFE2CE296DD5FC761B4969B ] nvsvc C:\Windows\system32\nvvsvc.exe
12:21:52.0057 6504 nvsvc - ok
12:21:52.0198 6504 [ D3ACC38A963B71BD4D2DFDC1050219B9 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:21:52.0276 6504 nvUpdatusService - ok
12:21:52.0307 6504 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:21:52.0307 6504 nv_agp - ok
12:21:52.0307 6504 NwlnkFlt - ok
12:21:52.0323 6504 NwlnkFwd - ok
12:21:52.0385 6504 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:21:52.0401 6504 odserv - ok
12:21:52.0447 6504 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:21:52.0447 6504 ohci1394 - ok
12:21:52.0494 6504 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:21:52.0494 6504 ose - ok
12:21:52.0541 6504 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:21:52.0572 6504 p2pimsvc - ok
12:21:52.0588 6504 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:21:52.0603 6504 p2psvc - ok
12:21:52.0635 6504 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
12:21:52.0635 6504 Parport - ok
12:21:52.0681 6504 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:21:52.0681 6504 partmgr - ok
12:21:52.0713 6504 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:21:52.0713 6504 Parvdm - ok
12:21:52.0744 6504 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:21:52.0744 6504 PcaSvc - ok
12:21:52.0775 6504 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
12:21:52.0791 6504 pci - ok
12:21:52.0806 6504 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
12:21:52.0806 6504 pciide - ok
12:21:52.0837 6504 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:21:52.0837 6504 pcmcia - ok
12:21:52.0884 6504 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:21:52.0900 6504 PEAUTH - ok
12:21:52.0978 6504 [ 9F2F541C52CD7A452E235E885F7D95DE ] Ph3xIB32 C:\Windows\system32\DRIVERS\Ph3xIB32.sys
12:21:53.0025 6504 Ph3xIB32 - ok
12:21:53.0087 6504 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:21:53.0134 6504 pla - ok
12:21:53.0181 6504 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:21:53.0196 6504 PlugPlay - ok
12:21:53.0212 6504 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
12:21:53.0212 6504 PnkBstrA - ok
12:21:53.0243 6504 [ D9D44F1A45EDE8029C40A8E88F8713E6 ] PnkBstrB C:\Windows\system32\PnkBstrB.exe
12:21:53.0243 6504 PnkBstrB - ok
12:21:53.0290 6504 [ 916DD8085D9DF86A1F9D2A7F27C859FC ] PnkBstrK C:\Windows\system32\drivers\PnkBstrK.sys
12:21:53.0290 6504 PnkBstrK - ok
12:21:53.0337 6504 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:21:53.0337 6504 PNRPAutoReg - ok
12:21:53.0368 6504 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:21:53.0368 6504 PNRPsvc - ok
12:21:53.0415 6504 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:21:53.0430 6504 PolicyAgent - ok
12:21:53.0477 6504 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:21:53.0477 6504 PptpMiniport - ok
12:21:53.0508 6504 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
12:21:53.0508 6504 Processor - ok
12:21:53.0539 6504 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:21:53.0539 6504 ProfSvc - ok
12:21:53.0571 6504 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:21:53.0571 6504 ProtectedStorage - ok
12:21:53.0602 6504 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:21:53.0602 6504 PSched - ok
12:21:53.0602 6504 [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:21:53.0617 6504 PxHelp20 - ok
12:21:53.0727 6504 [ BE56F88419AE7588B0756C0439366739 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:21:53.0727 6504 QBCFMonitorService - ok
12:21:53.0773 6504 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:21:53.0789 6504 QBFCService - ok
12:21:53.0820 6504 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:21:53.0851 6504 ql2300 - ok
12:21:53.0898 6504 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:21:53.0898 6504 ql40xx - ok
12:21:53.0929 6504 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:21:53.0945 6504 QWAVE - ok
12:21:53.0961 6504 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:21:53.0961 6504 QWAVEdrv - ok
12:21:53.0976 6504 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:21:53.0992 6504 RasAcd - ok
12:21:54.0023 6504 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:21:54.0023 6504 RasAuto - ok
12:21:54.0054 6504 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:21:54.0054 6504 Rasl2tp - ok
12:21:54.0101 6504 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
12:21:54.0101 6504 RasMan - ok
12:21:54.0132 6504 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:21:54.0148 6504 RasPppoe - ok
12:21:54.0179 6504 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:21:54.0179 6504 RasSstp - ok
12:21:54.0226 6504 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:21:54.0226 6504 rdbss - ok
12:21:54.0257 6504 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:21:54.0257 6504 RDPCDD - ok
12:21:54.0288 6504 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:21:54.0304 6504 rdpdr - ok
12:21:54.0304 6504 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:21:54.0304 6504 RDPENCDD - ok
12:21:54.0351 6504 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:21:54.0366 6504 RDPWD - ok
12:21:54.0382 6504 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:21:54.0397 6504 RemoteAccess - ok
12:21:54.0429 6504 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:21:54.0444 6504 RemoteRegistry - ok
12:21:54.0507 6504 [ 9638E5820858593A12005C753B03CEAE ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:21:54.0553 6504 RoxMediaDB9 - ok
12:21:54.0569 6504 [ 910FBA95EE4F56449AA81315884C8EFD ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
12:21:54.0569 6504 RoxWatch9 - ok
12:21:54.0585 6504 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
12:21:54.0585 6504 RpcLocator - ok
12:21:54.0631 6504 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
12:21:54.0647 6504 RpcSs - ok
12:21:54.0678 6504 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:21:54.0678 6504 rspndr - ok
12:21:54.0725 6504 [ 959EF612D2CCFDB6D9E443F8E3655013 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
12:21:54.0725 6504 RTL8023xp - ok
12:21:54.0772 6504 [ D5D2E9F785FDA3C1E021FDE9F218C7F5 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
12:21:54.0787 6504 RTL8187B - ok
12:21:54.0803 6504 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
12:21:54.0803 6504 RtlProt - ok
12:21:54.0819 6504 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
12:21:54.0819 6504 SamSs - ok
12:21:54.0834 6504 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:21:54.0834 6504 sbp2port - ok
12:21:54.0881 6504 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:21:54.0881 6504 SCardSvr - ok
12:21:54.0943 6504 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
12:21:54.0959 6504 Schedule - ok
12:21:54.0959 6504 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:21:54.0959 6504 SCPolicySvc - ok
12:21:55.0006 6504 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:21:55.0006 6504 SDRSVC - ok
12:21:55.0021 6504 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:21:55.0021 6504 secdrv - ok
12:21:55.0053 6504 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
12:21:55.0068 6504 seclogon - ok
12:21:55.0099 6504 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
12:21:55.0115 6504 SENS - ok
12:21:55.0131 6504 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:21:55.0131 6504 Serenum - ok
12:21:55.0146 6504 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
12:21:55.0146 6504 Serial - ok
12:21:55.0177 6504 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:21:55.0193 6504 sermouse - ok
12:21:55.0240 6504 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:21:55.0240 6504 SessionEnv - ok
12:21:55.0255 6504 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:21:55.0271 6504 sffdisk - ok
12:21:55.0271 6504 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:21:55.0271 6504 sffp_mmc - ok
12:21:55.0287 6504 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:21:55.0302 6504 sffp_sd - ok
12:21:55.0318 6504 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:21:55.0318 6504 sfloppy - ok
12:21:55.0349 6504 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:21:55.0365 6504 SharedAccess - ok
12:21:55.0411 6504 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:21:55.0411 6504 ShellHWDetection - ok
12:21:55.0427 6504 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:21:55.0443 6504 SiSRaid2 - ok
12:21:55.0458 6504 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:21:55.0458 6504 SiSRaid4 - ok
12:21:55.0567 6504 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
12:21:55.0630 6504 slsvc - ok
12:21:55.0677 6504 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:21:55.0692 6504 SLUINotify - ok
12:21:55.0739 6504 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:21:55.0739 6504 Smb - ok
12:21:55.0755 6504 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:21:55.0770 6504 SNMPTRAP - ok
12:21:55.0801 6504 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
12:21:55.0801 6504 spldr - ok
12:21:55.0848 6504 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
12:21:55.0848 6504 Spooler - ok
12:21:55.0895 6504 [ A80CD850D69D996C832BEA37E3A6AA1E ] sptd C:\Windows\system32\Drivers\sptd.sys
12:21:55.0895 6504 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A80CD850D69D996C832BEA37E3A6AA1E
12:21:55.0895 6504 sptd ( LockedFile.Multi.Generic ) - warning
12:21:55.0895 6504 sptd - detected LockedFile.Multi.Generic (1)
12:22:00.0559 6504 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
12:22:00.0559 6504 Yontoo Desktop Updater - ok
12:22:00.0606 6504 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
12:22:00.0606 6504 ZTEusbmdm6k - ok
12:22:00.0622 6504 [ 453A60F8DC22FC296BC482CBF3EFF213 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
12:22:00.0637 6504 ZTEusbnet - ok
12:22:00.0669 6504 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
12:22:00.0669 6504 ZTEusbnmea - ok
12:22:00.0715 6504 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
12:22:00.0715 6504 ZTEusbser6k - ok
12:22:00.0762 6504 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
12:22:00.0762 6504 ZTEusbvoice - ok
12:22:00.0778 6504 ================ Scan global ===============================
12:22:00.0825 6504 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:22:00.0871 6504 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:22:00.0903 6504 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:22:00.0965 6504 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:22:00.0965 6504 [Global] - ok
12:22:00.0965 6504 ================ Scan MBR ==================================
12:22:01.0012 6504 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:22:01.0417 6504 \Device\Harddisk0\DR0 - ok
12:22:01.0417 6504 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
12:22:01.0433 6504 \Device\Harddisk1\DR1 - ok
12:22:01.0433 6504 ================ Scan VBR ==================================
12:22:01.0433 6504 [ C393A99FF47B742F69541788E31131B1 ] \Device\Harddisk0\DR0\Partition1
12:22:01.0433 6504 \Device\Harddisk0\DR0\Partition1 - ok
12:22:01.0433 6504 [ AD22EB355DF71AA5B5F00490EA2B3D72 ] \Device\Harddisk1\DR1\Partition1
12:22:01.0449 6504 \Device\Harddisk1\DR1\Partition1 - ok
12:22:01.0449 6504 ============================================================
12:22:01.0449 6504 Scan finished
12:22:01.0449 6504 ============================================================
12:22:01.0449 6888 Detected object count: 1
12:22:01.0449 6888 Actual detected object count: 1
12:22:25.0533 6888 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:22:25.0533 6888 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:23:51.0380 4464 Deinitialize success





Thanks
dvk01 (Derek) is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
31-Mar-2013, 08:55 AM #5
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

Then, when it has rebooted:
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
31-Mar-2013, 10:00 AM #6
Thanks. Have run the programs and below are the log files:-

1) AdwCleaner[R2].txt


# AdwCleaner v2.115 - Logfile created 03/31/2013 at 14:26:02
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : a - P-PC
# Boot Mode : Normal
# Running from : C:\Users\a\Desktop\security\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : BrowserProtect
Found : Yontoo Desktop Updater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\bprotector_extensions.sqlite
File Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\bprotector_prefs.js
File Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\searchplugins\delta.xml
File Found : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\searchplugins\safesearch.xml
Folder Found : C:\Program Files\Delta
Folder Found : C:\Program Files\NetNucleous
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\a\appData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\a\appData\LocalLow\boost_interprocess
Folder Found : C:\Users\a\appData\LocalLow\Delta
Folder Found : C:\Users\a\appData\Roaming\BabSolution
Folder Found : C:\Users\a\appData\Roaming\Babylon
Folder Found : C:\Users\a\appData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found : C:\Users\a\appData\Roaming\Yontoo
Folder Found : C:\Users\a\appData\Roaming\yourfiledownloader

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\5808c88e56abe45
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\NetNucleous
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\NetNucleous
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\5808c88e56abe45
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKU\S-1-5-21-2887509634-308989567-3342084679-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\prefs.js

Found : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119842&tt=190313_wo1&bab[...]
Found : user_pref("avg.install.userSPSettings", "Delta Search");
Found : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119842&tt=190313_wo1&babsrc=NT_s[...]
Found : user_pref("browser.search.selectedEngine", "Delta Search");
Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.id", "36baafb4000000000000001c254fb278");
Found : user_pref("extensions.delta.instlDay", "15794");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.smplGrp", "none");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.10.0");
Found : user_pref("extensions.delta.vrsni", "1.8.10.0");
Found : user_pref("extensions.delta.vrsnTs", "1.8.10.016:52:25");
Found : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Found : user_pref("extentions.y2layers.installId", "62281d57-6761-4500-a1db-9ac1121070c4");

*************************

AdwCleaner[R1].txt - [11330 octets] - [31/03/2013 12:20:10]
AdwCleaner[R2].txt - [11401 octets] - [31/03/2013 14:26:02]

########## EOF - C:\AdwCleaner[R2].txt - [11462 octets] ##########



2) AdwCleaner[S1].txt


# AdwCleaner v2.115 - Logfile created 03/31/2013 at 14:26:33
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : a - P-PC
# Boot Mode : Normal
# Running from : C:\Users\a\Desktop\security\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect
Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\NetNucleous
Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\bprotector_extensions.sqlite
File Deleted : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\bprotector_prefs.js
File Deleted : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\searchplugins\delta.xml
File Deleted : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\searchplugins\safesearch.xml
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\a\appData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\a\appData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\a\appData\LocalLow\Delta
Folder Deleted : C:\Users\a\appData\Roaming\BabSolution
Folder Deleted : C:\Users\a\appData\Roaming\Babylon
Folder Deleted : C:\Users\a\appData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\a\appData\Roaming\Yontoo
Folder Deleted : C:\Users\a\appData\Roaming\yourfiledownloader

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\5808c88e56abe45
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\NetNucleous
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\NetNucleous
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\5808c88e56abe45
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKU\S-1-5-21-2887509634-308989567-3342084679-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\prefs.js

C:\Users\a\appData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119842&tt=190313_wo1&bab[...]
Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119842&tt=190313_wo1&babsrc=NT_s[...]
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.id", "36baafb4000000000000001c254fb278");
Deleted : user_pref("extensions.delta.instlDay", "15794");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.016:52:25");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "62281d57-6761-4500-a1db-9ac1121070c4");

*************************

AdwCleaner[R1].txt - [11330 octets] - [31/03/2013 12:20:10]
AdwCleaner[R2].txt - [11532 octets] - [31/03/2013 14:26:02]
AdwCleaner[S1].txt - [11784 octets] - [31/03/2013 14:26:33]

########## EOF - C:\AdwCleaner[S1].txt - [11845 octets] ##########



3) JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by a on 31/03/2013 at 14:32:41.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\netnucleous
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\netnucleous



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Failed to delete: [Folder] "C:\Program Files\netnucleous"



~~~ FireFox

Emptied folder: C:\Users\a\AppData\Roaming\mozilla\firefox\profiles\7xl81y8m.default-1347468221851\minidumps [125 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/03/2013 at 14:37:14.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks
clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
31-Mar-2013, 10:07 AM #7
Hello. I just noticed that a piece of software is still installed (Gorilla Price.exe) despite the others being removed by the other software that was run. Should I try removing this manually? Thanks
dvk01 (Derek) is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
31-Mar-2013, 10:18 AM #8
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double-click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If ComboFix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

Post the log in next reply please...
clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
31-Mar-2013, 11:09 AM #9
Here is ComboFix.txt.

ComboFix 13-03-31.01 - a 31/03/2013 15:49:48.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1090 [GMT 1:00]
Running from: c:\users\a\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\NetNucleous
c:\program files\NetNucleous\GorillaPrice\GorillaPrice.exe
c:\program files\SmartInline\CoNTenthost.dll
c:\programdata\windows
c:\programdata\windows\dsdd.dat
c:\programdata\windows\nudr.dat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
.
.
2013-03-31 13:32 . 2013-03-31 13:32 -------- d-----w- c:\windows\ERUNT
2013-03-31 13:32 . 2013-03-31 13:32 -------- d-----w- C:\JRT
2013-03-31 13:26 . 2013-03-31 13:26 141 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-30 16:51 . 2013-03-30 16:53 -------- d-----w- c:\program files\OpenDownloaderManager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-31 12:24 . 2009-09-13 13:29 139936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-31 12:24 . 2009-09-13 13:34 281808 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-31 12:24 . 2009-09-13 13:29 281808 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-31 12:24 . 2009-09-13 13:29 266752 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-02-14 14:00 . 2012-04-07 10:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-14 14:00 . 2011-07-03 09:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-31 03:18 . 2013-02-27 12:53 350368 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symtdiv.sys
2013-01-31 03:18 . 2013-02-27 12:53 338592 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 12:53 934488 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symefa.sys
2013-01-29 01:45 . 2013-02-27 12:53 602712 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtsp.sys
2013-01-29 01:45 . 2013-02-27 12:53 32344 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtspx.sys
2013-01-22 02:15 . 2013-02-27 12:53 367704 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symds.sys
2013-03-09 14:22 . 2013-02-21 09:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2012-02-29 3670856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-9-11 575488]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-6-25 117344]
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2011-6-25 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 16:37]
.
2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 16:37]
.
2009-09-04 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 09:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: microsoft.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-26 20:30; {a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}; c:\users\a\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{98068995-CA43-4c33-BE80-99E6694468A4} - c:\program files\NetNucleous\GorillaPrice\GorillaPriceBHO.dll
HKCU-Run-GorillaPrice - c:\program files\NetNucleous\GorillaPrice\GorillaPrice.exe
HKCU-Run-Yontoo Desktop - c:\users\a\AppData\Roaming\Yontoo\YontooDesktop.exe
HKLM-Run-GorillaPrice - c:\program files\NetNucleous\GorillaPrice\GorillaPrice.exe
AddRemove-Allway Sync 'n' Go_is1 - k:\allway sync 'n' go\unins000.exe
AddRemove-GorillaPrice - c:\program files\NetNucleous\GorillaPrice\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-31 16:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3360320AS rev.3.AAM -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2887509634-308989567-3342084679-1002\Software\SecuROM\License information*]
"datasecu"=hex:3e,56,4e,5b,e9,ee,c1,e0,fa,da,89,19,f5,37,1b,3e,72,dc,ad,32, 4c,
43,3c,d6,89,fa,60,25,75,d6,b9,c9,ed,b0,1a,85,30,96,11,38,21,58,4c,12,29,63, \
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-31 16:02:53
ComboFix-quarantined-files.txt 2013-03-31 15:02
ComboFix2.txt 2011-08-29 10:25
.
Pre-Run: 227,345,846,272 bytes free
Post-Run: 227,365,261,312 bytes free
.
- - End Of File - - 12B877A8B122D64F0CA881CBCB2F6442
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
31-Mar-2013, 01:07 PM #10
I need to check a suspicious looking file that is loading in Firefox
Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

At the end it will pop up an alert & open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop up alert or open browser, then please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select etc. When all the files are listed in the windows, press send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38]-Submit_2008-01-17@17.50.zip

or to
http://www.bleepingcomputer.com/subm...php?channel=38
clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
02-Apr-2013, 02:03 PM #11
ComboFix.txt log file as requested:-

ComboFix 13-03-31.01 - a 02/04/2013 17:47:35.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1094 [GMT 1:00]
Running from: c:\users\a\Desktop\ComboFix.exe
Command switches used :: c:\users\a\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\a\AppData\Roaming\Mozilla\Firefox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
.
.
((((((((((((((((((((((((( Files Created from 2013-03-02 to 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 16:58 . 2013-04-02 16:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-02 16:58 . 2013-04-02 16:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-02 16:58 . 2013-04-02 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 16:58 . 2013-04-02 16:58 -------- d-----w- c:\users\a\AppData\Local\temp
2013-03-31 13:32 . 2013-03-31 13:32 -------- d-----w- c:\windows\ERUNT
2013-03-31 13:32 . 2013-03-31 13:32 -------- d-----w- C:\JRT
2013-03-31 13:26 . 2013-03-31 13:26 141 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-30 16:51 . 2013-03-30 16:53 -------- d-----w- c:\program files\OpenDownloaderManager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 11:23 . 2009-09-13 13:29 139936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-02 11:23 . 2009-09-13 13:34 281808 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-02 11:23 . 2009-09-13 13:29 281808 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-02 11:22 . 2009-09-13 13:29 266752 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-02-14 14:00 . 2012-04-07 10:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-14 14:00 . 2011-07-03 09:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-31 03:18 . 2013-02-27 12:53 350368 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symtdiv.sys
2013-01-31 03:18 . 2013-02-27 12:53 338592 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 12:53 934488 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symefa.sys
2013-01-29 01:45 . 2013-02-27 12:53 602712 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtsp.sys
2013-01-29 01:45 . 2013-02-27 12:53 32344 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtspx.sys
2013-01-22 02:15 . 2013-02-27 12:53 367704 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symds.sys
2013-03-09 14:22 . 2013-02-21 09:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2012-02-29 3670856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-9-11 575488]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-6-25 117344]
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2011-6-25 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 16:37]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 16:37]
.
2009-09-04 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 09:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: microsoft.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-26 20:30; {a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}; c:\users\a\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-02 17:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3360320AS rev.3.AAM -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2887509634-308989567-3342084679-1002\Software\SecuROM\License information*]
"datasecu"=hex:3e,56,4e,5b,e9,ee,c1,e0,fa,da,89,19,f5,37,1b,3e,72,dc,ad,32, 4c,
43,3c,d6,89,fa,60,25,75,d6,b9,c9,ed,b0,1a,85,30,96,11,38,21,58,4c,12,29,63, \
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-02 18:01:27
ComboFix-quarantined-files.txt 2013-04-02 17:01
ComboFix2.txt 2013-03-31 15:02
ComboFix3.txt 2011-08-29 10:25
.
Pre-Run: 227,073,523,712 bytes free
Post-Run: 227,037,159,424 bytes free
.
- - End Of File - - E6EAC75496778B64907C358FCFDDE1AA
clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
02-Apr-2013, 02:04 PM #12
Zip file posted on thespykiller.co.uk as requested.
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
02-Apr-2013, 02:46 PM #13
The suspicious file is a Firefox addon for Gorilla Price, so we will get rid of that as well now.
Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum
clemnvto593
Member with 12 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Apr-2013, 07:41 AM #14
Here is ComboFix.txt as requested:-

ComboFix 13-03-31.01 - a 04/04/2013 11:35:06.5.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1010 [GMT 1:00]
Running from: c:\users\a\Desktop\ComboFix.exe
Command switches used :: c:\users\a\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\a\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi"
.
.
((((((((((((((((((((((((( Files Created from 2013-03-04 to 2013-04-04 )))))))))))))))))))))))))))))))
.
.
2013-04-04 10:47 . 2013-04-04 10:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-04 10:47 . 2013-04-04 10:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-04 10:47 . 2013-04-04 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-04 10:47 . 2013-04-04 10:47 -------- d-----w- c:\users\a\AppData\Local\temp
2013-03-31 13:32 . 2013-03-31 13:32 -------- d-----w- c:\windows\ERUNT
2013-03-31 13:32 . 2013-03-31 13:32 -------- d-----w- C:\JRT
2013-03-31 13:26 . 2013-03-31 13:26 141 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-30 16:51 . 2013-03-30 16:53 -------- d-----w- c:\program files\OpenDownloaderManager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-03 15:47 . 2009-09-13 13:29 139936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-03 15:47 . 2009-09-13 13:34 281808 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-03 15:47 . 2009-09-13 13:29 281808 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-03 15:45 . 2009-09-13 13:29 266752 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-02-14 14:00 . 2012-04-07 10:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-14 14:00 . 2011-07-03 09:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-31 03:18 . 2013-02-27 12:53 350368 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symtdiv.sys
2013-01-31 03:18 . 2013-02-27 12:53 338592 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 12:53 934488 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symefa.sys
2013-01-29 01:45 . 2013-02-27 12:53 602712 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtsp.sys
2013-01-29 01:45 . 2013-02-27 12:53 32344 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtspx.sys
2013-01-22 02:15 . 2013-02-27 12:53 367704 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symds.sys
2013-03-09 14:22 . 2013-02-21 09:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2012-02-29 3670856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-9-11 575488]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-6-25 117344]
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2011-6-25 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 16:37]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-30 16:37]
.
2009-09-04 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 09:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: microsoft.com
TCP: DhcpNameServer = 192.168.42.129
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\7xl81y8m.default-1347468221851\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-26 20:30; {a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}; c:\users\a\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-04 11:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3360320AS rev.3.AAM -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2887509634-308989567-3342084679-1002\Software\SecuROM\License information*]
"datasecu"=hex:3e,56,4e,5b,e9,ee,c1,e0,fa,da,89,19,f5,37,1b,3e,72,dc,ad,32,4c,
43,3c,d6,89,fa,60,25,75,d6,b9,c9,ed,b0,1a,85,30,96,11,38,21,58,4c,12,29,63, \
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-04 11:49:26
ComboFix-quarantined-files.txt 2013-04-04 10:49
ComboFix2.txt 2013-04-02 17:30
ComboFix3.txt 2013-03-31 15:02
ComboFix4.txt 2011-08-29 10:25
.
Pre-Run: 226,993,250,304 bytes free
Post-Run: 226,956,193,792 bytes free
.
- - End Of File - - 7B4F682CAD4F4D50832E7E39CB2304E9
dvk01 (Derek) dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,749 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Apr-2013, 07:50 AM #15
Are you still having any problems, or have we managed to clear them all up for you?