
globalroot\systemroot\assembly\temp\U.....

Discussion in 'Virus & Other Malware Removal' started by cinderblock, May 9, 2012.

  1. cinderblock (Thread Starter)

    The internet is working very well on the infected computer, but after downloading ComboFix, and disabling Norton, I thought it best to turn it off.

    Stage 4 must be doing some heavy lifting :0 -- still there :(

    May have to depart in about a half hour. Gotta let the kiddies take me to dinner :)
     
  2. kevinf80 (Malware Specialist)

    Yep, it's late for me too, 23:30 local time. If CF is definitely frozen, shut it down, then do the following:

    Download aswMBR from Here
    If it asks to update during the process please allow this to happen.

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Ensure Quick scan is selected, then select the Scan button to start the scan

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop.
    • Copy and paste the contents of aswMBR.txt back here for review


    You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    Kevin
     
  3. cinderblock (Thread Starter)

    Then you best be getting off to bed, Kevin!

    I followed your suggestion regarding ComboFix. Sorry to have messed that process up....

    I'm sorry to say I'm not smart enough to figure out how to attach the MBR log :(

    Asw Log follows:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-13 18:54:01
    -----------------------------
    18:54:01.920 OS Version: Windows x64 6.1.7600
    18:54:01.920 Number of processors: 1 586 0x603
    18:54:01.920 ComputerName: BRANDON-HP UserName: brandon
    18:54:02.762 Initialize success
    18:54:20.220 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
    18:54:20.220 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 11
    18:54:20.235 Disk 0 MBR read successfully
    18:54:20.251 Disk 0 MBR scan
    18:54:20.251 Disk 0 unknown MBR code
    18:54:20.267 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    18:54:20.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220533 MB offset 409600
    18:54:20.313 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17638 MB offset 452061184
    18:54:20.329 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    18:54:20.376 Disk 0 scanning C:\Windows\system32\drivers
    18:54:31.561 Service scanning
    18:54:55.694 Modules scanning
    18:54:55.710 Disk 0 trace - called modules:
    18:54:55.788 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    18:54:56.303 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002598060]
    18:54:56.318 3 CLASSPNP.SYS[fffff88001b2d43f] -> nt!IofCallDriver -> [0xfffffa800254f8f0]
    18:54:56.318 5 amdxata.sys[fffff880010f37a8] -> nt!IofCallDriver -> \Device\00000061[0xfffffa80023fa130]
    18:54:56.334 Scan finished successfully
    18:55:39.530 Disk 0 MBR has been saved successfully to "C:\Users\brandon\Desktop\MBR.dat"
    18:55:39.530 The log file has been saved successfully to "C:\Users\brandon\Desktop\051312_aswMBR.txt"



    *possibly* the MBR log will follow...not sure if I can get it to
     

    Attached Files: MBR.zip (531 bytes)
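The aswMBR log above and the TDSSKiller log cinderblock posts later in the thread each print the same MBR partition table in different units: aswMBR gives sizes in MB and offsets as decimal sector numbers, TDSSKiller gives hex StartLBA and BlocksNum values plus the drive size and sector size. When a rootkit is suspected, a cheap sanity check is to confirm that two independent scanners agree on the table and that the partitions tile the disk without overlap or spilling past its end. The following Python is an added example, not code from aswMBR, TDSSKiller or this thread; the sample lines are copied from the two posted logs, and the 1-based/0-based partition numbering alignment and the floor-to-MB size conversion are assumptions about how the tools print their output.

```python
"""Cross-check the MBR partition table reported by aswMBR and TDSSKiller.
Added example, not code from either tool; sample lines copied from this thread."""
import re

MIB = 1024 * 1024

# aswMBR lines copied from the log above: size in MB, offset in 512-byte sectors.
ASWMBR_LOG = """\
18:54:20.267 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:54:20.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220533 MB offset 409600
18:54:20.313 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17638 MB offset 452061184
18:54:20.329 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
"""

# TDSSKiller lines copied from the log posted later in the thread: hex LBA and block counts.
TDSS_LOG = r"""
10:03:23.0704 4492 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:03:23.0704 4492 MBR partitions:
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AEBA800
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1E800, BlocksNum 0x2273000
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
"""

# "(A)" is printed only on the active (bootable) partition, hence the optional group.
ASW_RE = re.compile(r"Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) .*? (\d+) MB offset (\d+)")
TDSS_PART_RE = re.compile(r"Partition(\d+): MBR, Type (0x[0-9A-Fa-f]+), StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)")
TDSS_DISK_RE = re.compile(r"Size: (0x[0-9A-Fa-f]+) .*?SectorSize: (0x[0-9A-Fa-f]+)")


def parse_aswmbr(text):
    """Return {partition_number: {boot, type, size_mb, start}} keyed 1-based as aswMBR prints it."""
    parts = {}
    for line in text.splitlines():
        m = ASW_RE.search(line)
        if m:
            idx, boot, ptype, size_mb, offset = m.groups()
            parts[int(idx)] = {"boot": int(boot, 16), "type": int(ptype, 16),
                               "size_mb": int(size_mb), "start": int(offset)}
    return parts


def parse_tdsskiller(text):
    """Return disk geometry and partitions; TDSSKiller numbers from 0, so +1 aligns it with aswMBR (assumption)."""
    result = {"disk_sectors": None, "sector_size": None, "partitions": {}}
    for line in text.splitlines():
        d = TDSS_DISK_RE.search(line)
        if d:
            result["sector_size"] = int(d.group(2), 16)
            result["disk_sectors"] = int(d.group(1), 16) // result["sector_size"]
        m = TDSS_PART_RE.search(line)
        if m:
            idx, ptype, start, blocks = m.groups()
            result["partitions"][int(idx) + 1] = {"type": int(ptype, 16), "start": int(start, 16),
                                                  "blocks": int(blocks, 16)}
    return result


def cross_check(asw, tdss):
    """Return a list of human-readable findings; an empty list means both tools agree and the layout is sane."""
    findings = []
    parts, sector = tdss["partitions"], tdss["sector_size"]
    if set(asw) != set(parts):
        findings.append(f"partition count differs: aswMBR {sorted(asw)} vs TDSSKiller {sorted(parts)}")
    for idx in sorted(set(asw) & set(parts)):
        a, t = asw[idx], parts[idx]
        if a["type"] != t["type"]:
            findings.append(f"partition {idx}: type 0x{a['type']:02X} vs 0x{t['type']:X}")
        if a["start"] != t["start"]:
            findings.append(f"partition {idx}: start sector {a['start']} vs {t['start']}")
        t_mb = t["blocks"] * sector // MIB  # aswMBR appears to floor to whole MB (assumption)
        if a["size_mb"] != t_mb:
            findings.append(f"partition {idx}: size {a['size_mb']} MB vs {t_mb} MB")
    # Layout sanity: partitions must not overlap and must fit on the disk.
    prev_end = 0
    for idx in sorted(parts):
        if parts[idx]["start"] < prev_end:
            findings.append(f"partition {idx} overlaps the previous partition")
        prev_end = parts[idx]["start"] + parts[idx]["blocks"]
    if prev_end > tdss["disk_sectors"]:
        findings.append("partition table extends past end of disk")
    active = [i for i, p in asw.items() if p["boot"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    return findings


def check_thread_logs():
    """Run the cross-check over the sample lines from this thread."""
    return cross_check(parse_aswmbr(ASWMBR_LOG), parse_tdsskiller(TDSS_LOG))


if __name__ == "__main__":
    print(check_thread_logs() or "both scanners agree; layout is consistent")
```

For the logs posted here the check comes back empty: every start sector, type and size matches between the two tools, the four partitions sit back to back, and the last one ends before the 488,397,168-sector end of the 232.89 GB drive. A single altered StartLBA would show up twice, once as a disagreement between the tools and once as an overlap with the neighbouring partition.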
  4. kevinf80 (Malware Specialist)

    That log and your MBR are clean. OK, let's try a different scanner; this is purely diagnostic and will make no changes to your system....

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      activex
      netsvcs
      /md5start
      afd.sys
      i8042prt.sys
      ipsec.sys
      netbt.sys
      svchost.exe
      tcpip.sys
      /md5stop
      %windir%\$ntuninstallkb*. /30
      %windir%\system32\drivers\*.sys /lockedfiles
      %windir%\*.* /mp
      %windir%\*.* /rp
      %windir%\*.* /sl
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    It's very late for me now, I'll have to pick this thread up later; sleepy time, methinks...

    Let me see the two logs, also give me an update on current issues/concerns....

    Kevin
     
  5. cinderblock (Thread Starter)

    Oh, how I wanted to have a couple of logs for you to view first thing in the morning, ha!....(and certainly hope you got a well-deserved good night's rest) but, alas - I'm a weenie....

    When I clicked Link 1, and downloaded to desktop, Norton wasn't happy. I received a Warning Window - titled "Download Insight" - that cited three different reasons for me to not run the application. Here's the reasons:

    1) Very few users - Fewer than 5 users in the Norton community have used this file
    2) Very new - This file was released less than 1 week ago (not sure how accurate this opinion is, as the oldtimer site shows reviews for this version - 3.2.43.0 - dated Oct 2010)
    3) Unproven - There is not enough information about this file to recommend it.

    Sooooo, I tried Link 2. Norton liked it even less! Told me that a virus (Backdoor.Graybird?) was found?

    As I have very little confidence in my computer skills, I am running to you, Kevin, for your thoughts before I go ahead and hit "Run as Administrator".

    sorry to be dragging this out....



    About issues/concerns:

    One of the on-going concerns I have is the inability to set up a wireless connection with the HP Deskjet 3051k J611 series printer. Serial printing (with the USB cord attachment) IS allowed, but no matter the number of times I've tried to make it happen it continually hangs up.....even though when I print a "HP Network Configuration page" everything looks good (Connected and Enabled) and all the other laptops CAN print wirelessly.

    I don't know if this is still happening, but it did (regularly) before any of these clean-up efforts were undertaken: Sometimes when a link was typed into the address bar, and ENTER pressed, the page that was typed into the address bar would launch and appear, but then another miscellaneous random page would launch on top of the desired page. Most often the second page was an advertisement of some sort.

    I'm gonna stop....it's about as late here as when you last wrote, and I'm heading to bed.

    I can't thank you enough Kevin!!!!!!!!!!
     
  6. kevinf80 (Malware Specialist)

    OK, OTL is a very trustworthy application; if Norton alerts to it, just accept the alert and let it run. Before you do that, run the following first.

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Doubleclick on the TDSSKiller icon to run the application.
    • The "Ready to scan" window will open, Click on "Change parameters"
    • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system (Leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
    • Select "Start Scan"
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    When TDSSKiller finishes, run OTL, so in your reply I'd like the following:

    • Log from TDSSKiller
    • OTL.txt
    • Extras.txt

    Kevin...
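The scan Kevin asks for above produces the TDSSKiller log cinderblock posts in the next reply: each scanned service or driver gets one line carrying its MD5 and on-disk path, followed by a verdict line of the form "name - ok". Reading several hundred such pairs by eye is where things get missed, so here is an added Python triage helper, not code from TDSSKiller or from this thread, that pairs the two lines, flags any object whose verdict is not "ok" (including one whose verdict line is missing, as happens when a log is cut short) or whose binary is loaded from outside the usual Windows program directories, and lists binaries shared by several services, which is normal (AudioSrv and AudioEndpointBuilder both point at Audiosrv.dll in the posted log). The sample log is a few lines copied from that log plus two constructed lines for a placeholder driver named exampledrv; the verdict word "warning" on the constructed line and the list of expected directories are assumptions.

```python
"""Triage a TDSSKiller scan log: pair each scanned object with its verdict
and flag what deserves a human look. Added example, not TDSSKiller's code."""
import re
from collections import defaultdict

# Entry line: "<time> <pid> <name> (<md5>) <path>"; verdict line: "<time> <pid> <name> - <verdict>".
ENTRY_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) - (?P<verdict>\w+)$")

# Where a Windows 7 service or driver binary is expected to live (assumed list, lower-cased prefixes).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\programdata\\")

# Lines copied from the TDSSKiller log in this thread, plus two constructed lines (exampledrv).
SAMPLE_LOG = r"""
10:04:03.0655 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:04:03.0843 4720 1394ohci - ok
10:04:06.0136 4720 AMD External Events Utility (4609419a19891c706455c1a747431af9) C:\Windows\system32\atiesrxx.exe
10:04:06.0245 4720 AMD External Events Utility - ok
10:04:09.0771 4720 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:04:09.0880 4720 AudioEndpointBuilder - ok
10:04:09.0895 4720 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:04:09.0942 4720 AudioSrv - ok
10:04:15.0215 4720 COMSysApp - ok
10:04:30.0001 4720 exampledrv (00000000000000000000000000000000) C:\Users\example\AppData\Local\Temp\exampledrv.sys
10:04:30.0002 4720 exampledrv - warning
"""


def parse_tdss_entries(text):
    """Return {name: {name, md5, path, verdict}}; fields stay None when the log never supplied them."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line) or VERDICT_RE.match(line)
        if not m:
            continue
        e = entries.setdefault(m["name"], {"name": m["name"], "md5": None, "path": None, "verdict": None})
        e.update({k: v for k, v in m.groupdict().items() if k != "name"})
    return entries


def triage(entries):
    """Return (name, reason) pairs for anything a reviewer should look at."""
    findings = []
    for e in entries.values():
        # A missing verdict (None) is flagged too: the scan or the paste may have been truncated.
        if e["verdict"] != "ok":
            findings.append((e["name"], f"verdict {e['verdict']!r} (not 'ok')"))
        if e["path"] and not e["path"].lower().startswith(EXPECTED_ROOTS):
            findings.append((e["name"], f"loaded from unexpected location {e['path']}"))
    return findings


def shared_binaries(entries):
    """Map an MD5 to the sorted names that share it, for hashes used by more than one object."""
    by_md5 = defaultdict(list)
    for e in entries.values():
        if e["md5"]:
            by_md5[e["md5"]].append(e["name"])
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def run_triage():
    """Triage the sample log embedded above."""
    return triage(parse_tdss_entries(SAMPLE_LOG))


if __name__ == "__main__":
    for name, reason in run_triage():
        print(f"{name}: {reason}")
    for md5, names in shared_binaries(parse_tdss_entries(SAMPLE_LOG)).items():
        print(f"shared {md5}: {', '.join(names)}")
```

On the sample, only the constructed exampledrv entry is reported, once for its verdict and once for living under a user's Temp folder, while COMSysApp (which TDSSKiller lists with no file at all) and the shared Audiosrv.dll pass quietly. The MD5 values the tool prints are what you would look up against a known-good hash source for any entry that does get flagged.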
     
  7. cinderblock (Thread Starter)

    Abundant thanks for your patient leading Kevin!

    Kaspersky didn't find Malicious or Suspicious objects/files - But detected a threat. I chose "Skip" and that log follows:


    10:03:20.0708 4492 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    10:03:21.0785 4492 ============================================================
    10:03:21.0785 4492 Current date / time: 2012/05/14 10:03:21.0785
    10:03:21.0785 4492 SystemInfo:
    10:03:21.0785 4492
    10:03:21.0785 4492 OS Version: 6.1.7600 ServicePack: 0.0
    10:03:21.0785 4492 Product type: Workstation
    10:03:21.0785 4492 ComputerName: BRANDON-HP
    10:03:21.0785 4492 UserName: brandon
    10:03:21.0785 4492 Windows directory: C:\Windows
    10:03:21.0785 4492 System windows directory: C:\Windows
    10:03:21.0785 4492 Running under WOW64
    10:03:21.0785 4492 Processor architecture: Intel x64
    10:03:21.0785 4492 Number of processors: 1
    10:03:21.0785 4492 Page size: 0x1000
    10:03:21.0785 4492 Boot type: Normal boot
    10:03:21.0785 4492 ============================================================
    10:03:23.0704 4492 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:03:23.0704 4492 ============================================================
    10:03:23.0704 4492 \Device\Harddisk0\DR0:
    10:03:23.0704 4492 MBR partitions:
    10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AEBA800
    10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1E800, BlocksNum 0x2273000
    10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
    10:03:23.0704 4492 ============================================================
    10:03:23.0750 4492 C: <-> \Device\Harddisk0\DR0\Partition1
    10:03:23.0797 4492 D: <-> \Device\Harddisk0\DR0\Partition2
    10:03:23.0797 4492 ============================================================
    10:03:23.0797 4492 Initialize success
    10:03:23.0797 4492 ============================================================
    10:04:01.0939 4720 ============================================================
    10:04:01.0939 4720 Scan started
    10:04:01.0939 4720 Mode: Manual; SigCheck; TDLFS;
    10:04:01.0939 4720 ============================================================
    10:04:03.0655 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    10:04:03.0843 4720 1394ohci - ok
    10:04:03.0921 4720 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    10:04:03.0952 4720 ACPI - ok
    10:04:03.0999 4720 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    10:04:04.0279 4720 AcpiPmi - ok
    10:04:04.0482 4720 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    10:04:04.0623 4720 AdobeFlashPlayerUpdateSvc - ok
    10:04:04.0732 4720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    10:04:04.0794 4720 adp94xx - ok
    10:04:04.0872 4720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    10:04:04.0903 4720 adpahci - ok
    10:04:04.0950 4720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    10:04:04.0981 4720 adpu320 - ok
    10:04:05.0013 4720 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    10:04:05.0371 4720 AeLookupSvc - ok
    10:04:05.0481 4720 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    10:04:05.0496 4720 AERTFilters - ok
    10:04:05.0621 4720 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    10:04:05.0746 4720 AFD - ok
    10:04:05.0808 4720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    10:04:05.0839 4720 agp440 - ok
    10:04:05.0917 4720 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    10:04:06.0011 4720 ALG - ok
    10:04:06.0058 4720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    10:04:06.0089 4720 aliide - ok
    10:04:06.0136 4720 AMD External Events Utility (4609419a19891c706455c1a747431af9) C:\Windows\system32\atiesrxx.exe
    10:04:06.0245 4720 AMD External Events Utility - ok
    10:04:06.0307 4720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    10:04:06.0354 4720 amdide - ok
    10:04:06.0401 4720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    10:04:06.0463 4720 AmdK8 - ok
    10:04:06.0978 4720 amdkmdag (4bffead896affbc80c86f62cd18f17c9) C:\Windows\system32\DRIVERS\atipmdag.sys
    10:04:07.0228 4720 amdkmdag - ok
    10:04:07.0431 4720 amdkmdap (a7155a832f24cf5b048f6048380636ec) C:\Windows\system32\DRIVERS\atikmpag.sys
    10:04:07.0509 4720 amdkmdap - ok
    10:04:07.0571 4720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    10:04:07.0618 4720 AmdPPM - ok
    10:04:07.0665 4720 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
    10:04:07.0711 4720 amdsata - ok
    10:04:07.0805 4720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    10:04:07.0852 4720 amdsbs - ok
    10:04:07.0883 4720 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
    10:04:07.0914 4720 amdxata - ok
    10:04:07.0977 4720 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    10:04:08.0148 4720 AppID - ok
    10:04:08.0179 4720 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    10:04:08.0273 4720 AppIDSvc - ok
    10:04:08.0335 4720 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    10:04:08.0476 4720 Appinfo - ok
    10:04:08.0569 4720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    10:04:08.0601 4720 arc - ok
    10:04:08.0632 4720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    10:04:08.0663 4720 arcsas - ok
    10:04:08.0725 4720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    10:04:08.0803 4720 AsyncMac - ok
    10:04:08.0866 4720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    10:04:08.0897 4720 atapi - ok
    10:04:09.0147 4720 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys
    10:04:09.0427 4720 athr - ok
    10:04:09.0630 4720 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
    10:04:09.0677 4720 AtiPcie - ok
    10:04:09.0771 4720 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    10:04:09.0880 4720 AudioEndpointBuilder - ok
    10:04:09.0895 4720 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    10:04:09.0942 4720 AudioSrv - ok
    10:04:10.0005 4720 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    10:04:10.0176 4720 AxInstSV - ok
    10:04:10.0254 4720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    10:04:10.0395 4720 b06bdrv - ok
    10:04:10.0473 4720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    10:04:10.0535 4720 b57nd60a - ok
    10:04:10.0629 4720 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    10:04:10.0847 4720 BDESVC - ok
    10:04:10.0909 4720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    10:04:11.0003 4720 Beep - ok
    10:04:11.0159 4720 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    10:04:11.0268 4720 BFE - ok
    10:04:11.0767 4720 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys
    10:04:11.0923 4720 BHDrvx64 - ok
    10:04:12.0126 4720 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
    10:04:12.0235 4720 BITS - ok
    10:04:12.0298 4720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    10:04:12.0376 4720 blbdrive - ok
    10:04:12.0407 4720 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    10:04:12.0610 4720 bowser - ok
    10:04:12.0641 4720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    10:04:12.0688 4720 BrFiltLo - ok
    10:04:12.0703 4720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    10:04:12.0735 4720 BrFiltUp - ok
    10:04:12.0797 4720 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    10:04:12.0859 4720 BridgeMP - ok
    10:04:12.0922 4720 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    10:04:12.0984 4720 Browser - ok
    10:04:13.0015 4720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    10:04:13.0093 4720 Brserid - ok
    10:04:13.0109 4720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    10:04:13.0156 4720 BrSerWdm - ok
    10:04:13.0187 4720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    10:04:13.0234 4720 BrUsbMdm - ok
    10:04:13.0265 4720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    10:04:13.0327 4720 BrUsbSer - ok
    10:04:13.0359 4720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    10:04:13.0405 4720 BTHMODEM - ok
    10:04:13.0483 4720 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    10:04:13.0624 4720 bthserv - ok
    10:04:13.0671 4720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    10:04:13.0780 4720 cdfs - ok
    10:04:13.0842 4720 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    10:04:13.0889 4720 cdrom - ok
    10:04:13.0951 4720 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    10:04:14.0029 4720 CertPropSvc - ok
    10:04:14.0154 4720 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    10:04:14.0185 4720 CinemaNow Service - ok
    10:04:14.0263 4720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    10:04:14.0310 4720 circlass - ok
    10:04:14.0373 4720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    10:04:14.0419 4720 CLFS - ok
    10:04:14.0513 4720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:04:14.0560 4720 clr_optimization_v2.0.50727_32 - ok
    10:04:14.0607 4720 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    10:04:14.0653 4720 clr_optimization_v2.0.50727_64 - ok
    10:04:14.0731 4720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    10:04:14.0763 4720 CmBatt - ok
    10:04:14.0794 4720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    10:04:14.0809 4720 cmdide - ok
    10:04:14.0872 4720 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    10:04:14.0997 4720 CNG - ok
    10:04:15.0059 4720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    10:04:15.0090 4720 Compbatt - ok
    10:04:15.0137 4720 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    10:04:15.0184 4720 CompositeBus - ok
    10:04:15.0215 4720 COMSysApp - ok
    10:04:15.0246 4720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    10:04:15.0277 4720 crcdisk - ok
    10:04:15.0324 4720 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    10:04:15.0387 4720 CryptSvc - ok
    10:04:15.0465 4720 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    10:04:15.0558 4720 DcomLaunch - ok
    10:04:15.0605 4720 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    10:04:15.0730 4720 defragsvc - ok
    10:04:15.0792 4720 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    10:04:15.0855 4720 DfsC - ok
    10:04:15.0948 4720 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    10:04:16.0104 4720 Dhcp - ok
    10:04:16.0151 4720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    10:04:16.0229 4720 discache - ok
    10:04:16.0276 4720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    10:04:16.0338 4720 Disk - ok
    10:04:16.0416 4720 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    10:04:16.0510 4720 Dnscache - ok
    10:04:16.0557 4720 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    10:04:16.0681 4720 dot3svc - ok
    10:04:16.0728 4720 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    10:04:16.0791 4720 DPS - ok
    10:04:16.0837 4720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    10:04:16.0869 4720 drmkaud - ok
    10:04:16.0962 4720 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    10:04:17.0040 4720 DXGKrnl - ok
    10:04:17.0071 4720 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    10:04:17.0165 4720 EapHost - ok
    10:04:17.0415 4720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    10:04:17.0649 4720 ebdrv - ok
    10:04:17.0836 4720 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    10:04:17.0914 4720 eeCtrl - ok
    10:04:18.0054 4720 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    10:04:18.0132 4720 EFS - ok
    10:04:18.0335 4720 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    10:04:18.0507 4720 ehRecvr - ok
    10:04:18.0585 4720 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    10:04:18.0709 4720 ehSched - ok
    10:04:18.0803 4720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    10:04:18.0850 4720 elxstor - ok
    10:04:18.0975 4720 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    10:04:19.0053 4720 EraserUtilRebootDrv - ok
    10:04:19.0099 4720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    10:04:19.0131 4720 ErrDev - ok
    10:04:19.0209 4720 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    10:04:19.0302 4720 EventSystem - ok
    10:04:19.0349 4720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    10:04:19.0427 4720 exfat - ok
    10:04:19.0474 4720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    10:04:19.0536 4720 fastfat - ok
    10:04:19.0645 4720 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    10:04:19.0817 4720 Fax - ok
    10:04:19.0848 4720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    10:04:19.0879 4720 fdc - ok
    10:04:19.0942 4720 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    10:04:19.0989 4720 fdPHost - ok
    10:04:20.0020 4720 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    10:04:20.0067 4720 FDResPub - ok
    10:04:20.0098 4720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    10:04:20.0113 4720 FileInfo - ok
    10:04:20.0145 4720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    10:04:20.0207 4720 Filetrace - ok
    10:04:20.0238 4720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    10:04:20.0269 4720 flpydisk - ok
    10:04:20.0316 4720 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    10:04:20.0347 4720 FltMgr - ok
    10:04:20.0488 4720 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
    10:04:20.0613 4720 FontCache - ok
    10:04:20.0706 4720 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    10:04:20.0722 4720 FontCache3.0.0.0 - ok
    10:04:20.0784 4720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    10:04:20.0831 4720 FsDepends - ok
    10:04:20.0878 4720 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
    10:04:20.0909 4720 Fs_Rec - ok
    10:04:20.0971 4720 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    10:04:21.0018 4720 fvevol - ok
    10:04:21.0049 4720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    10:04:21.0065 4720 gagp30kx - ok
    10:04:21.0205 4720 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    10:04:21.0283 4720 GamesAppService - ok
    10:04:21.0346 4720 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    10:04:21.0393 4720 GEARAspiWDM - ok
    10:04:21.0471 4720 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
    10:04:21.0517 4720 GIDv2 - ok
    10:04:21.0595 4720 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    10:04:21.0689 4720 gpsvc - ok
    10:04:21.0736 4720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    10:04:21.0845 4720 hcw85cir - ok
    10:04:21.0907 4720 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    10:04:22.0001 4720 HdAudAddService - ok
    10:04:22.0048 4720 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    10:04:22.0095 4720 HDAudBus - ok
    10:04:22.0126 4720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    10:04:22.0157 4720 HidBatt - ok
    10:04:22.0204 4720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    10:04:22.0235 4720 HidBth - ok
    10:04:22.0282 4720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    10:04:22.0313 4720 HidIr - ok
    10:04:22.0360 4720 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    10:04:22.0438 4720 hidserv - ok
    10:04:22.0516 4720 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    10:04:22.0578 4720 HidUsb - ok
    10:04:22.0641 4720 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    10:04:22.0719 4720 hkmsvc - ok
    10:04:22.0765 4720 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    10:04:22.0953 4720 HomeGroupListener - ok
    10:04:22.0999 4720 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    10:04:23.0046 4720 HomeGroupProvider - ok
    10:04:23.0171 4720 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    10:04:23.0202 4720 HP Support Assistant Service - ok
    10:04:23.0327 4720 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    10:04:23.0374 4720 HP Wireless Assistant Service - ok
    10:04:23.0421 4720 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    10:04:23.0421 4720 HPDrvMntSvc.exe - ok
    10:04:23.0530 4720 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    10:04:23.0561 4720 hpqwmiex - ok
    10:04:23.0655 4720 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    10:04:23.0686 4720 HpSAMD - ok
    10:04:23.0764 4720 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    10:04:23.0795 4720 HPWMISVC - ok
    10:04:23.0873 4720 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    10:04:23.0935 4720 HTTP - ok
    10:04:23.0951 4720 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    10:04:23.0967 4720 hwpolicy - ok
    10:04:24.0029 4720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    10:04:24.0045 4720 i8042prt - ok
    10:04:24.0123 4720 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    10:04:24.0169 4720 iaStorV - ok
    10:04:24.0341 4720 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    10:04:24.0403 4720 idsvc - ok
    10:04:24.0715 4720 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSvia64.sys
    10:04:24.0747 4720 IDSVia64 - ok
    10:04:25.0308 4720 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    10:04:25.0573 4720 igfx - ok
    10:04:25.0729 4720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    10:04:25.0761 4720 iirsp - ok
    10:04:25.0854 4720 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    10:04:25.0948 4720 IKEEXT - ok
    10:04:26.0478 4720 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
    10:04:26.0603 4720 IntcAzAudAddService - ok
    10:04:26.0743 4720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    10:04:26.0775 4720 intelide - ok
    10:04:26.0837 4720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    10:04:26.0884 4720 intelppm - ok
    10:04:26.0946 4720 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    10:04:27.0040 4720 IPBusEnum - ok
    10:04:27.0087 4720 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:04:27.0165 4720 IpFilterDriver - ok
    10:04:27.0289 4720 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    10:04:27.0383 4720 iphlpsvc - ok
    10:04:27.0414 4720 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    10:04:27.0461 4720 IPMIDRV - ok
    10:04:27.0508 4720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    10:04:27.0555 4720 IPNAT - ok
    10:04:27.0617 4720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    10:04:27.0633 4720 IRENUM - ok
    10:04:27.0664 4720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    10:04:27.0679 4720 isapnp - ok
    10:04:27.0726 4720 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    10:04:27.0773 4720 iScsiPrt - ok
    10:04:27.0820 4720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    10:04:27.0851 4720 kbdclass - ok
    10:04:27.0898 4720 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    10:04:27.0929 4720 kbdhid - ok
    10:04:27.0976 4720 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    10:04:27.0991 4720 KeyIso - ok
    10:04:28.0023 4720 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    10:04:28.0038 4720 KSecDD - ok
    10:04:28.0069 4720 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    10:04:28.0116 4720 KSecPkg - ok
    10:04:28.0179 4720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    10:04:28.0257 4720 ksthunk - ok
    10:04:28.0350 4720 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    10:04:28.0459 4720 KtmRm - ok
    10:04:28.0584 4720 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
    10:04:28.0693 4720 LanmanServer - ok
    10:04:28.0725 4720 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    10:04:28.0787 4720 LanmanWorkstation - ok
    10:04:28.0881 4720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    10:04:28.0959 4720 lltdio - ok
    10:04:29.0021 4720 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    10:04:29.0115 4720 lltdsvc - ok
    10:04:29.0161 4720 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    10:04:29.0193 4720 lmhosts - ok
    10:04:29.0255 4720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    10:04:29.0286 4720 LSI_FC - ok
    10:04:29.0317 4720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    10:04:29.0349 4720 LSI_SAS - ok
    10:04:29.0380 4720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    10:04:29.0395 4720 LSI_SAS2 - ok
    10:04:29.0427 4720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    10:04:29.0442 4720 LSI_SCSI - ok
    10:04:29.0473 4720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    10:04:29.0536 4720 luafv - ok
    10:04:29.0770 4720 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
    10:04:29.0848 4720 LVRS64 - ok
    10:04:29.0926 4720 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    10:04:30.0019 4720 Mcx2Svc - ok
    10:04:30.0082 4720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    10:04:30.0144 4720 megasas - ok
    10:04:30.0222 4720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    10:04:30.0253 4720 MegaSR - ok
    10:04:30.0300 4720 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    10:04:30.0394 4720 MMCSS - ok
    10:04:30.0472 4720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    10:04:30.0597 4720 Modem - ok
    10:04:30.0643 4720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    10:04:30.0690 4720 monitor - ok
    10:04:30.0753 4720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    10:04:30.0768 4720 mouclass - ok
    10:04:30.0831 4720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    10:04:30.0846 4720 mouhid - ok
    10:04:30.0877 4720 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    10:04:30.0909 4720 mountmgr - ok
    10:04:30.0924 4720 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    10:04:30.0955 4720 mpio - ok
    10:04:30.0971 4720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    10:04:31.0018 4720 mpsdrv - ok
    10:04:31.0049 4720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    10:04:31.0096 4720 MRxDAV - ok
    10:04:31.0143 4720 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:04:31.0221 4720 mrxsmb - ok
    10:04:31.0470 4720 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:04:31.0533 4720 mrxsmb10 - ok
    10:04:31.0579 4720 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:04:31.0611 4720 mrxsmb20 - ok
    10:04:31.0642 4720 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
    10:04:31.0689 4720 msahci - ok
    10:04:31.0751 4720 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    10:04:31.0767 4720 msdsm - ok
    10:04:31.0813 4720 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    10:04:31.0845 4720 MSDTC - ok
    10:04:31.0907 4720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    10:04:31.0938 4720 Msfs - ok
    10:04:31.0985 4720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    10:04:32.0047 4720 mshidkmdf - ok
    10:04:32.0079 4720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    10:04:32.0094 4720 msisadrv - ok
    10:04:32.0125 4720 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    10:04:32.0266 4720 MSiSCSI - ok
    10:04:32.0281 4720 msiserver - ok
    10:04:32.0344 4720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    10:04:32.0437 4720 MSKSSRV - ok
    10:04:32.0469 4720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    10:04:32.0515 4720 MSPCLOCK - ok
    10:04:32.0531 4720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    10:04:32.0593 4720 MSPQM - ok
    10:04:32.0640 4720 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    10:04:32.0671 4720 MsRPC - ok
    10:04:32.0703 4720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    10:04:32.0718 4720 mssmbios - ok
    10:04:32.0749 4720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    10:04:32.0796 4720 MSTEE - ok
    10:04:32.0827 4720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    10:04:32.0874 4720 MTConfig - ok
    10:04:32.0905 4720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    10:04:32.0921 4720 Mup - ok
    10:04:33.0217 4720 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    10:04:33.0233 4720 N360 - ok
    10:04:33.0311 4720 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    10:04:33.0389 4720 napagent - ok
    10:04:33.0483 4720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    10:04:33.0592 4720 NativeWifiP - ok
    10:04:33.0841 4720 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\ENG64.SYS
    10:04:33.0873 4720 NAVENG - ok
    10:04:34.0044 4720 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\EX64.SYS
    10:04:34.0091 4720 NAVEX15 - ok
    10:04:34.0325 4720 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    10:04:34.0372 4720 NDIS - ok
    10:04:34.0419 4720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    10:04:34.0481 4720 NdisCap - ok
    10:04:34.0512 4720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    10:04:34.0575 4720 NdisTapi - ok
    10:04:34.0621 4720 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    10:04:34.0731 4720 Ndisuio - ok
    10:04:34.0762 4720 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    10:04:34.0824 4720 NdisWan - ok
    10:04:34.0840 4720 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    10:04:34.0887 4720 NDProxy - ok
    10:04:34.0933 4720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    10:04:34.0980 4720 NetBIOS - ok
    10:04:35.0027 4720 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    10:04:35.0089 4720 NetBT - ok
    10:04:35.0152 4720 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    10:04:35.0183 4720 Netlogon - ok
    10:04:35.0245 4720 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    10:04:35.0323 4720 Netman - ok
    10:04:35.0386 4720 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    10:04:35.0479 4720 netprofm - ok
    10:04:35.0589 4720 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:04:35.0651 4720 NetTcpPortSharing - ok
    10:04:36.0057 4720 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    10:04:36.0322 4720 netw5v64 - ok
    10:04:36.0525 4720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    10:04:36.0556 4720 nfrd960 - ok
    10:04:36.0618 4720 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    10:04:36.0696 4720 NlaSvc - ok
    10:04:36.0727 4720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    10:04:36.0790 4720 Npfs - ok
    10:04:36.0837 4720 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    10:04:36.0868 4720 nsi - ok
    10:04:36.0899 4720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    10:04:36.0930 4720 nsiproxy - ok
    10:04:37.0086 4720 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    10:04:37.0180 4720 Ntfs - ok
    10:04:37.0273 4720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    10:04:37.0336 4720 Null - ok
    10:04:37.0383 4720 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    10:04:37.0429 4720 nvraid - ok
    10:04:37.0476 4720 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    10:04:37.0492 4720 nvstor - ok
    10:04:37.0539 4720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    10:04:37.0554 4720 nv_agp - ok
    10:04:37.0585 4720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    10:04:37.0617 4720 ohci1394 - ok
    10:04:37.0663 4720 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    10:04:37.0804 4720 p2pimsvc - ok
    10:04:37.0866 4720 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    10:04:37.0897 4720 p2psvc - ok
    10:04:37.0944 4720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    10:04:37.0960 4720 Parport - ok
    10:04:38.0007 4720 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    10:04:38.0053 4720 partmgr - ok
    10:04:38.0116 4720 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    10:04:38.0163 4720 PcaSvc - ok
    10:04:38.0225 4720 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    10:04:38.0241 4720 pci - ok
    10:04:38.0272 4720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    10:04:38.0287 4720 pciide - ok
    10:04:38.0334 4720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    10:04:38.0365 4720 pcmcia - ok
    10:04:38.0397 4720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    10:04:38.0412 4720 pcw - ok
    10:04:38.0475 4720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    10:04:38.0553 4720 PEAUTH - ok
    10:04:38.0662 4720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    10:04:38.0693 4720 PerfHost - ok
    10:04:38.0880 4720 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    10:04:39.0021 4720 pla - ok
    10:04:39.0114 4720 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    10:04:39.0223 4720 PlugPlay - ok
    10:04:39.0255 4720 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    10:04:39.0301 4720 PNRPAutoReg - ok
    10:04:39.0348 4720 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    10:04:39.0364 4720 PNRPsvc - ok
    10:04:39.0426 4720 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    10:04:39.0520 4720 PolicyAgent - ok
    10:04:39.0582 4720 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    10:04:39.0629 4720 Power - ok
    10:04:39.0754 4720 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    10:04:39.0863 4720 PptpMiniport - ok
    10:04:39.0894 4720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    10:04:39.0972 4720 Processor - ok
    10:04:40.0019 4720 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    10:04:40.0066 4720 ProfSvc - ok
    10:04:40.0128 4720 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    10:04:40.0144 4720 ProtectedStorage - ok
    10:04:40.0191 4720 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    10:04:40.0237 4720 Psched - ok
    10:04:40.0362 4720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    10:04:40.0425 4720 ql2300 - ok
    10:04:40.0549 4720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    10:04:40.0565 4720 ql40xx - ok
    10:04:40.0612 4720 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    10:04:40.0659 4720 QWAVE - ok
    10:04:40.0674 4720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    10:04:40.0721 4720 QWAVEdrv - ok
    10:04:40.0752 4720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    10:04:40.0815 4720 RasAcd - ok
    10:04:40.0861 4720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    10:04:40.0924 4720 RasAgileVpn - ok
    10:04:40.0971 4720 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    10:04:41.0080 4720 RasAuto - ok
    10:04:41.0142 4720 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:04:41.0205 4720 Rasl2tp - ok
    10:04:41.0298 4720 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    10:04:41.0361 4720 RasMan - ok
    10:04:41.0407 4720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    10:04:41.0470 4720 RasPppoe - ok
    10:04:41.0517 4720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    10:04:41.0579 4720 RasSstp - ok
    10:04:41.0641 4720 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    10:04:41.0719 4720 rdbss - ok
    10:04:41.0782 4720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    10:04:41.0829 4720 rdpbus - ok
    10:04:41.0860 4720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:04:41.0938 4720 RDPCDD - ok
    10:04:41.0985 4720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    10:04:42.0031 4720 RDPENCDD - ok
    10:04:42.0063 4720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    10:04:42.0109 4720 RDPREFMP - ok
    10:04:42.0172 4720 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
    10:04:42.0328 4720 RDPWD - ok
    10:04:42.0390 4720 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    10:04:42.0406 4720 rdyboost - ok
    10:04:42.0484 4720 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    10:04:42.0577 4720 RemoteAccess - ok
    10:04:42.0640 4720 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    10:04:42.0749 4720 RemoteRegistry - ok
    10:04:42.0843 4720 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
    10:04:42.0952 4720 Revoflt - ok
    10:04:42.0983 4720 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    10:04:43.0045 4720 RpcEptMapper - ok
    10:04:43.0092 4720 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    10:04:43.0139 4720 RpcLocator - ok
    10:04:43.0217 4720 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    10:04:43.0248 4720 RpcSs - ok
    10:04:43.0311 4720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    10:04:43.0373 4720 rspndr - ok
    10:04:43.0467 4720 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
    10:04:43.0498 4720 RTL8167 - ok
    10:04:43.0623 4720 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    10:04:43.0669 4720 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
    10:04:43.0669 4720 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
    10:04:43.0716 4720 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    10:04:43.0732 4720 SamSs - ok
    10:04:43.0779 4720 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    10:04:43.0794 4720 sbp2port - ok
    10:04:43.0857 4720 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    10:04:44.0059 4720 SCardSvr - ok
    10:04:44.0106 4720 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    10:04:44.0169 4720 scfilter - ok
    10:04:44.0262 4720 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    10:04:44.0371 4720 Schedule - ok
    10:04:44.0434 4720 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    10:04:44.0465 4720 SCPolicySvc - ok
    10:04:44.0512 4720 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
    10:04:44.0543 4720 sdbus - ok
    10:04:44.0605 4720 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    10:04:44.0746 4720 SDRSVC - ok
    10:04:44.0855 4720 SeaPort (3e0cff5f0a9d23e327703d72cea5253f) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    10:04:44.0902 4720 SeaPort - ok
    10:04:44.0949 4720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    10:04:45.0011 4720 secdrv - ok
    10:04:45.0058 4720 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    10:04:45.0105 4720 seclogon - ok
    10:04:45.0151 4720 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    10:04:45.0214 4720 SENS - ok
    10:04:45.0229 4720 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    10:04:45.0339 4720 SensrSvc - ok
    10:04:45.0370 4720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    10:04:45.0385 4720 Serenum - ok
    10:04:45.0432 4720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    10:04:45.0463 4720 Serial - ok
    10:04:45.0495 4720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    10:04:45.0541 4720 sermouse - ok
    10:04:45.0604 4720 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    10:04:45.0729 4720 SessionEnv - ok
    10:04:45.0775 4720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    10:04:45.0885 4720 sffdisk - ok
    10:04:45.0931 4720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    10:04:45.0963 4720 sffp_mmc - ok
    10:04:45.0994 4720 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    10:04:46.0025 4720 sffp_sd - ok
    10:04:46.0072 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    10:04:46.0103 4720 sfloppy - ok
    10:04:46.0181 4720 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    10:04:46.0290 4720 SharedAccess - ok
    10:04:46.0353 4720 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    10:04:46.0415 4720 ShellHWDetection - ok
    10:04:46.0477 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    10:04:46.0509 4720 SiSRaid2 - ok
    10:04:46.0540 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    10:04:46.0571 4720 SiSRaid4 - ok
    10:04:46.0602 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    10:04:46.0665 4720 Smb - ok
    10:04:46.0711 4720 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    10:04:46.0743 4720 SNMPTRAP - ok
    10:04:46.0774 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    10:04:46.0789 4720 spldr - ok
    10:04:46.0867 4720 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    10:04:46.0961 4720 Spooler - ok
    10:04:47.0211 4720 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    10:04:47.0382 4720 sppsvc - ok
    10:04:47.0507 4720 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    10:04:47.0569 4720 sppuinotify - ok
    10:04:47.0741 4720 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
    10:04:47.0788 4720 SRTSP - ok
    10:04:47.0819 4720 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
    10:04:47.0819 4720 SRTSPX - ok
    10:04:47.0897 4720 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    10:04:48.0006 4720 srv - ok
    10:04:48.0053 4720 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    10:04:48.0115 4720 srv2 - ok
    10:04:48.0193 4720 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    10:04:48.0256 4720 SrvHsfHDA - ok
    10:04:48.0365 4720 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    10:04:48.0427 4720 SrvHsfV92 - ok
    10:04:48.0583 4720 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    10:04:48.0615 4720 SrvHsfWinac - ok
    10:04:48.0693 4720 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    10:04:48.0755 4720 srvnet - ok
    10:04:48.0833 4720 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    10:04:48.0911 4720 SSDPSRV - ok
    10:04:48.0942 4720 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    10:04:48.0989 4720 SstpSvc - ok
    10:04:49.0020 4720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    10:04:49.0036 4720 stexstor - ok
    10:04:49.0098 4720 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    10:04:49.0129 4720 StillCam - ok
    10:04:49.0223 4720 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    10:04:49.0285 4720 stisvc - ok
    10:04:49.0332 4720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    10:04:49.0363 4720 swenum - ok
    10:04:49.0426 4720 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    10:04:49.0519 4720 swprv - ok
    10:04:49.0629 4720 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
    10:04:49.0675 4720 SymDS - ok
    10:04:49.0753 4720 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
    10:04:49.0800 4720 SymEFA - ok
    10:04:49.0847 4720 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    10:04:49.0863 4720 SymEvent - ok
    10:04:49.0909 4720 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
    10:04:49.0941 4720 SymIRON - ok
    10:04:49.0987 4720 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
    10:04:50.0034 4720 SymNetS - ok
    10:04:50.0175 4720 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
    10:04:50.0237 4720 SynTP - ok
    10:04:50.0471 4720 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    10:04:50.0549 4720 SysMain - ok
    10:04:50.0627 4720 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    10:04:50.0674 4720 TabletInputService - ok
    10:04:50.0736 4720 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    10:04:50.0783 4720 TapiSrv - ok
    10:04:50.0814 4720 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    10:04:50.0845 4720 TBS - ok
    10:04:51.0064 4720 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
    10:04:51.0189 4720 Tcpip - ok
    10:04:51.0469 4720 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
    10:04:51.0516 4720 TCPIP6 - ok
    10:04:51.0641 4720 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    10:04:51.0719 4720 tcpipreg - ok
    10:04:51.0750 4720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    10:04:51.0828 4720 TDPIPE - ok
    10:04:51.0891 4720 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    10:04:51.0953 4720 TDTCP - ok
    10:04:52.0000 4720 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    10:04:52.0078 4720 tdx - ok
    10:04:52.0125 4720 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    10:04:52.0140 4720 TermDD - ok
    10:04:52.0218 4720 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    10:04:52.0312 4720 TermService - ok
    10:04:52.0327 4720 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    10:04:52.0359 4720 Themes - ok
    10:04:52.0405 4720 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    10:04:52.0437 4720 THREADORDER - ok
    10:04:52.0468 4720 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    10:04:52.0530 4720 TrkWks - ok
    10:04:52.0593 4720 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    10:04:52.0671 4720 TrustedInstaller - ok
    10:04:52.0702 4720 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:04:52.0749 4720 tssecsrv - ok
    10:04:52.0811 4720 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    10:04:52.0920 4720 tunnel - ok
    10:04:52.0983 4720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    10:04:53.0029 4720 uagp35 - ok
    10:04:53.0092 4720 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
    10:04:53.0201 4720 udfs - ok
    10:04:53.0263 4720 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    10:04:53.0295 4720 UI0Detect - ok
    10:04:53.0326 4720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    10:04:53.0341 4720 uliagpkx - ok
    10:04:53.0404 4720 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    10:04:53.0451 4720 umbus - ok
    10:04:53.0513 4720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    10:04:53.0560 4720 UmPass - ok
    10:04:53.0622 4720 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    10:04:53.0669 4720 upnphost - ok
    10:04:53.0747 4720 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    10:04:53.0841 4720 usbaudio - ok
    10:04:53.0872 4720 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\drivers\usbccgp.sys
    10:04:53.0965 4720 usbccgp - ok
    10:04:54.0012 4720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    10:04:54.0059 4720 usbcir - ok
    10:04:54.0090 4720 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
    10:04:54.0121 4720 usbehci - ok
    10:04:54.0184 4720 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
    10:04:54.0215 4720 usbfilter - ok
    10:04:54.0309 4720 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    10:04:54.0355 4720 usbhub - ok
    10:04:54.0387 4720 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
    10:04:54.0418 4720 usbohci - ok
    10:04:54.0496 4720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    10:04:54.0574 4720 usbprint - ok
    10:04:54.0605 4720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    10:04:54.0636 4720 usbscan - ok
    10:04:54.0683 4720 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
    10:04:54.0792 4720 USBSTOR - ok
    10:04:54.0823 4720 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
    10:04:54.0886 4720 usbuhci - ok
    10:04:54.0964 4720 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    10:04:55.0026 4720 usbvideo - ok
    10:04:55.0057 4720 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    10:04:55.0104 4720 UxSms - ok
    10:04:55.0167 4720 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    10:04:55.0167 4720 VaultSvc - ok
    10:04:55.0229 4720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    10:04:55.0245 4720 vdrvroot - ok
    10:04:55.0307 4720 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    10:04:55.0369 4720 vds - ok
    10:04:55.0432 4720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    10:04:55.0463 4720 vga - ok
    10:04:55.0494 4720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    10:04:55.0557 4720 VgaSave - ok
    10:04:55.0619 4720 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    10:04:55.0650 4720 vhdmp - ok
    10:04:55.0697 4720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    10:04:55.0713 4720 viaide - ok
    10:04:55.0728 4720 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    10:04:55.0744 4720 volmgr - ok
    10:04:55.0806 4720 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    10:04:55.0837 4720 volmgrx - ok
    10:04:55.0869 4720 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    10:04:55.0931 4720 volsnap - ok
    10:04:55.0978 4720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    10:04:55.0993 4720 vsmraid - ok
    10:04:56.0134 4720 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    10:04:56.0290 4720 VSS - ok
    10:04:56.0430 4720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    10:04:56.0461 4720 vwifibus - ok
    10:04:56.0493 4720 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    10:04:56.0524 4720 vwififlt - ok
    10:04:56.0571 4720 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    10:04:56.0586 4720 vwifimp - ok
    10:04:56.0649 4720 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    10:04:56.0742 4720 W32Time - ok
    10:04:56.0789 4720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    10:04:56.0820 4720 WacomPen - ok
    10:04:56.0883 4720 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    10:04:56.0945 4720 WANARP - ok
    10:04:56.0961 4720 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    10:04:56.0992 4720 Wanarpv6 - ok
    10:04:57.0117 4720 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    10:04:57.0288 4720 wbengine - ok
    10:04:57.0397 4720 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    10:04:57.0429 4720 WbioSrvc - ok
    10:04:57.0491 4720 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    10:04:57.0616 4720 wcncsvc - ok
    10:04:57.0631 4720 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    10:04:57.0678 4720 WcsPlugInService - ok
    10:04:57.0756 4720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    10:04:57.0803 4720 Wd - ok
    10:04:57.0850 4720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    10:04:57.0912 4720 Wdf01000 - ok
    10:04:57.0943 4720 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    10:04:57.0990 4720 WdiServiceHost - ok
    10:04:58.0006 4720 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    10:04:58.0021 4720 WdiSystemHost - ok
    10:04:58.0068 4720 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    10:04:58.0162 4720 WebClient - ok
    10:04:58.0209 4720 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    10:04:58.0271 4720 Wecsvc - ok
    10:04:58.0318 4720 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    10:04:58.0380 4720 wercplsupport - ok
    10:04:58.0427 4720 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    10:04:58.0474 4720 WerSvc - ok
    10:04:58.0536 4720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    10:04:58.0583 4720 WfpLwf - ok
    10:04:58.0614 4720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    10:04:58.0630 4720 WIMMount - ok
    10:04:58.0692 4720 WinDefend - ok
    10:04:58.0723 4720 WinHttpAutoProxySvc - ok
    10:04:58.0786 4720 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    10:04:58.0864 4720 Winmgmt - ok
    10:04:59.0035 4720 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    10:04:59.0207 4720 WinRM - ok
    10:04:59.0425 4720 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    10:04:59.0457 4720 WinUsb - ok
    10:04:59.0550 4720 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    10:04:59.0613 4720 Wlansvc - ok
    10:04:59.0893 4720 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    10:04:59.0987 4720 wlidsvc - ok
    10:05:00.0159 4720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    10:05:00.0190 4720 WmiAcpi - ok
    10:05:00.0268 4720 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    10:05:00.0315 4720 wmiApSrv - ok
    10:05:00.0393 4720 WMPNetworkSvc - ok
    10:05:00.0439 4720 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    10:05:00.0502 4720 WPCSvc - ok
    10:05:00.0533 4720 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    10:05:00.0642 4720 WPDBusEnum - ok
    10:05:00.0673 4720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    10:05:00.0736 4720 ws2ifsl - ok
    10:05:00.0814 4720 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
    10:05:00.0923 4720 wscsvc - ok
    10:05:00.0923 4720 WSearch - ok
    10:05:01.0126 4720 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
    10:05:01.0219 4720 wuauserv - ok
    10:05:01.0360 4720 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    10:05:01.0422 4720 WudfPf - ok
    10:05:01.0469 4720 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    10:05:01.0531 4720 wudfsvc - ok
    10:05:01.0578 4720 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    10:05:01.0641 4720 WwanSvc - ok
    10:05:01.0719 4720 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    10:05:01.0765 4720 yukonw7 - ok
    10:05:01.0812 4720 MBR (0x1B8) (4287d1c7c777c7cdd9ab892338678e65) \Device\Harddisk0\DR0
    10:05:01.0937 4720 \Device\Harddisk0\DR0 - ok
    10:05:01.0984 4720 Boot (0x1200) (f8f93b2a992e9caf3fc590dcac339c5f) \Device\Harddisk0\DR0\Partition0
    10:05:01.0999 4720 \Device\Harddisk0\DR0\Partition0 - ok
    10:05:02.0015 4720 Boot (0x1200) (07ef4458efa0038db2a13c78e83a9055) \Device\Harddisk0\DR0\Partition1
    10:05:02.0015 4720 \Device\Harddisk0\DR0\Partition1 - ok
    10:05:02.0062 4720 Boot (0x1200) (c79f6b48554c10b995799d277225ffc6) \Device\Harddisk0\DR0\Partition2
    10:05:02.0062 4720 \Device\Harddisk0\DR0\Partition2 - ok
    10:05:02.0093 4720 Boot (0x1200) (fa5c85adaadbde681789ae090c4fbbd6) \Device\Harddisk0\DR0\Partition3
    10:05:02.0093 4720 \Device\Harddisk0\DR0\Partition3 - ok
    10:05:02.0093 4720 ============================================================
    10:05:02.0093 4720 Scan finished
    10:05:02.0093 4720 ============================================================
    10:05:02.0155 4712 Detected object count: 1
    10:05:02.0155 4712 Actual detected object count: 1
    10:10:56.0208 4712 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
    10:10:56.0208 4712 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:18:42.0882 4480 Deinitialize success


    About the OTL logs:

    I did as requested and selected "Run anyway" when Norton prompted me to run... but SONAR swooped in and removed the program :(

    I'm sorry - I'll try to reinstall and post, but thought I'd send what I had for now.
     
  8. cinderblock

    cinderblock Thread Starter

    Got ComboFix to run :) In other words, I finally figured out how to fully disable Norton :p

    Log follows:


    ComboFix 12-05-13.03 - brandon 05/14/2012 10:50:29.4.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.743 [GMT -4:00]
    Running from: c:\users\brandon\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\brandon\AppData\Roaming\result.db
    c:\users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-14 15:03 . 2012-05-14 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\users\brandon\AppData\Roaming\Malwarebytes
    2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-13 18:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-12 05:56 . 2011-06-08 22:35 778088 ---ha-w- c:\windows\system32\HPDiscoPMa011.dll
    2012-05-12 05:54 . 2012-05-12 05:54 -------- d-----w- c:\program files\HP
    2012-05-12 04:30 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2012-05-12 04:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2012-05-12 04:17 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2012-05-12 04:17 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2012-05-12 04:17 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2012-05-12 04:17 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2012-05-12 04:17 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2012-05-12 04:17 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2012-05-12 04:17 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2012-05-12 04:17 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2012-05-12 04:17 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2012-05-12 04:17 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2012-05-12 04:01 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
    2012-05-12 04:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2012-05-12 03:59 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll
    2012-05-12 03:45 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2012-05-12 03:45 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2012-05-12 03:45 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2012-05-12 03:45 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2012-05-12 03:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-05-12 03:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2012-05-12 03:44 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-05-12 03:44 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-05-12 03:44 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-05-12 03:44 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2012-05-12 03:44 . 2012-05-12 03:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-05-12 03:40 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-05-12 03:40 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2012-05-12 03:40 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2012-05-12 03:40 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2012-05-12 03:40 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-05-12 03:40 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-05-12 03:40 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-05-12 03:35 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2012-05-12 03:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2012-05-12 03:33 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-05-12 03:32 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-05-12 03:32 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-05-12 03:32 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-05-12 03:32 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-05-12 03:32 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
    2012-05-12 03:32 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-05-12 03:32 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-05-12 03:32 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
    2012-05-12 03:32 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
    2012-05-12 03:32 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
    2012-05-12 03:29 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
    2012-05-12 03:29 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-05-12 03:29 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-05-12 03:29 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-05-12 03:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-05-12 03:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-05-12 03:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-05-12 03:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-05-12 03:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-05-12 03:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-05-12 03:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-05-12 03:15 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2012-05-12 03:15 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2012-05-12 03:15 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2012-05-12 03:15 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2012-05-12 03:14 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2012-05-12 03:14 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-05-12 03:14 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-05-12 03:14 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-05-12 03:14 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2012-05-12 03:12 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-05-12 03:12 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-05-12 03:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-05-12 03:12 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-05-12 03:12 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-05-12 03:11 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-05-12 03:11 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-05-12 03:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2012-05-12 03:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2012-05-12 03:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-05-12 03:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-05-12 03:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2012-05-12 03:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2012-05-12 03:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-05-12 03:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2012-05-12 03:02 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-12 03:02 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2012-05-12 03:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-05-12 02:58 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-05-12 02:58 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-05-12 02:58 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
    2012-05-12 02:58 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2012-05-12 02:57 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-05-12 02:57 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-05-12 02:55 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-05-12 02:55 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-05-12 02:55 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-05-12 02:55 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-05-10 00:57 . 2012-05-10 00:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-05-10 00:35 . 2012-05-10 00:41 -------- d-----w- c:\program files\Symantec
    2012-05-10 00:35 . 2012-05-10 00:41 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-05-10 00:35 . 2012-05-10 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-05-10 00:34 . 2012-05-12 02:37 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\Norton Security Suite
    2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-05-10 00:29 . 2012-05-10 00:59 -------- d-----w- c:\users\brandon\AppData\Local\LogMeIn Rescue Applet
    2012-05-07 04:38 . 2012-05-07 04:38 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-05-07 00:51 . 2012-05-07 00:51 -------- d-----w- c:\users\brandon\AppData\Local\VS Revo Group
    2012-05-07 00:51 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-05-07 00:51 . 2012-05-07 00:51 -------- d-----w- c:\program files\VS Revo Group
    2012-05-06 23:08 . 2012-05-06 23:08 -------- d-----w- c:\programdata\GID
    2012-04-23 03:07 . 2012-05-09 00:00 -------- d-----w- c:\programdata\Recovery
    2012-04-23 02:08 . 2012-04-23 02:08 -------- d-----w- C:\N360_BACKUP
    2012-04-23 01:36 . 2012-05-12 00:46 -------- d-----w- c:\users\brandon\AppData\Local\NPE
    2012-04-22 21:19 . 2012-04-22 21:19 -------- d-----w- c:\users\brandon\AppData\Local\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-06 23:11 . 2012-03-31 14:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 23:11 . 2012-03-31 14:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 23:11 . 2012-04-13 23:47 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-03-26 04:03 . 2012-03-26 04:04 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2012-03-26 04:03 . 2012-03-26 04:04 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2012-03-26 04:03 . 2012-03-26 04:04 80488 ----a-w- c:\windows\system32\RCoInst64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 569960 ----a-w- c:\windows\system32\RtkApi64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 200800 ----a-w- c:\windows\system32\AERTAC64.dll
    2012-03-26 04:02 . 2011-04-09 08:45 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2012-02-23 14:18 . 2011-08-19 04:05 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-04-09 21:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    .
    c:\users\brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Deskjet 3050A J611 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]
    S1 GIDv2;GIDv2; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSvia64.sys [2012-05-09 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-10 138360]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:11]
    .
    2012-05-01 c:\windows\Tasks\HPCeeScheduleForbrandon.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    steamdvr
    proxyhostmirrordisplay
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-14 11:21:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-14 15:21
    .
    Pre-Run: 158,958,227,456 bytes free
    Post-Run: 158,376,873,984 bytes free
    .
    - - End Of File - - 4BCCC1164AF3EB405B81BB6C8BF3E16B
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    OK, do the following (no sign of ZA rootkit :p)

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    File::
    Folder::
    c:\program files (x86)\Ask.com
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
    [-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Norton must be off for this one too....

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    The ESET log can be found here: "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see those two logs, also give an update on current issues/concerns....

    Kevin
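As an added example (not part of this thread and not ComboFix's own code), the Python script below checks a CFScript of the kind posted in Step 1 before it is dragged onto ComboFix.exe: it verifies that every directive line carries the double colon, that each Registry:: line is a `[KEY]`, `[-KEY]` or `"name"=...` line under a full hive name, and it summarises what the script would delete. The directive list, the error messages and the two sample scripts are this example's own; how ComboFix treats a single-colon directive line is an assumption and is marked as such in the comments.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Directives used in this thread plus a few other common ones (this checker's
# own list, not ComboFix's full grammar).
KNOWN_DIRECTIVES = {"KillAll", "ClearJavaCache", "File", "Folder", "Registry",
                    "Driver", "FCopy", "DDS", "Collect"}
NO_PAYLOAD = {"KillAll", "ClearJavaCache"}          # switches: no lines follow them
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT", "HKEY_USERS")

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")
BAD_DIRECTIVE_RE = re.compile(r"^([A-Za-z]+):$")    # single colon: a common typo
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")           # [KEY] opens/sets, [-KEY] deletes
VALUE_RE = re.compile(r'^(?:"[^"]*"|@)=(.*)$')       # "name"=data, "name"=- deletes


@dataclass
class ScriptPlan:
    sections: Dict[str, int] = field(default_factory=dict)   # directive -> payload lines
    delete_keys: List[str] = field(default_factory=list)
    delete_values: List[str] = field(default_factory=list)   # "KEY\valuename"
    paths: List[str] = field(default_factory=list)           # File::/Folder::/Driver:: targets
    errors: List[str] = field(default_factory=list)


def check_cfscript(text: str) -> ScriptPlan:
    plan = ScriptPlan()
    section = None       # directive currently open
    current_key = None   # last [KEY] opened inside Registry::
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            if section not in KNOWN_DIRECTIVES:
                plan.errors.append(f"line {n}: unknown directive '{line}'")
            plan.sections.setdefault(section, 0)
            continue
        m = BAD_DIRECTIVE_RE.match(line)
        if m and m.group(1) in KNOWN_DIRECTIVES:
            # Assumption: ComboFix would not recognise this as a directive and would
            # read it, and the lines below it, as payload of the previous section.
            plan.errors.append(f"line {n}: '{line}' needs a double colon ('{m.group(1)}::')")
            section, current_key = m.group(1), None
            plan.sections.setdefault(section, 0)
            continue
        if section is None:
            plan.errors.append(f"line {n}: payload before any directive: {line}")
            continue
        plan.sections[section] += 1
        if section == "Registry":
            km, vm = KEY_RE.match(line), VALUE_RE.match(line)
            if km:
                delete, key = km.groups()
                # ComboFix's "~" log shorthand inside a key path is passed through unexpanded.
                if not key.upper().startswith(HIVES):
                    plan.errors.append(f"line {n}: key must start with a full hive name: {key}")
                if delete:
                    plan.delete_keys.append(key)
                    current_key = None
                else:
                    current_key = key
            elif vm:
                if current_key is None:
                    plan.errors.append(f"line {n}: value line with no open [KEY] above it: {line}")
                elif vm.group(1) == "-":
                    name = line.split("=", 1)[0].strip('"')
                    plan.delete_values.append(current_key + "\\" + name)
            else:
                plan.errors.append(f"line {n}: not a key or value line in Registry::: {line}")
        elif section in NO_PAYLOAD:
            plan.errors.append(f"line {n}: '{section}::' takes no payload: {line}")
        else:
            plan.paths.append(line)
    return plan


# The CFScript as posted in this thread, including the single-colon "Folder:" line.
POSTED_SCRIPT = r"""
KillAll::
ClearJavaCache::
File::
Folder:
c:\program files (x86)\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
"""
FIXED_SCRIPT = POSTED_SCRIPT.replace("\nFolder:\n", "\nFolder::\n")

if __name__ == "__main__":
    for label, script in (("posted", POSTED_SCRIPT), ("fixed", FIXED_SCRIPT)):
        plan = check_cfscript(script)
        print(label, "errors:", plan.errors or "none")
        print("  deletes", len(plan.delete_keys), "keys,", len(plan.delete_values),
              "values,", len(plan.paths), "path(s)")
```

Run over the script as posted it reports only the single-colon `Folder:` line; the corrected copy passes and lists one folder, six key deletions and two value deletions, which is the review a helper would do by eye before letting a user run the script against a live registry.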
     
  10. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    Hey Kevin,

    Here's Log #1:

    ComboFix 12-05-13.03 - brandon 05/14/2012 22:54:18.5.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.1014 [GMT -4:00]
    Running from: c:\users\brandon\Desktop\ComboFix.exe
    Command switches used :: c:\users\brandon\Desktop\CFScript.txt
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-15 03:06 . 2012-05-15 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-14 17:36 . 2012-05-14 17:36 -------- d-----w- c:\windows\SysWow64\Wat
    2012-05-14 17:36 . 2012-05-14 17:36 -------- d-----w- c:\windows\system32\Wat
    2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\users\brandon\AppData\Roaming\Malwarebytes
    2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-13 18:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-12 05:56 . 2011-06-08 22:35 778088 ---ha-w- c:\windows\system32\HPDiscoPMa011.dll
    2012-05-12 05:54 . 2012-05-12 05:54 -------- d-----w- c:\program files\HP
    2012-05-12 04:30 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2012-05-12 04:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2012-05-12 04:17 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2012-05-12 04:17 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2012-05-12 04:17 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2012-05-12 04:17 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2012-05-12 04:17 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2012-05-12 04:17 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2012-05-12 04:17 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2012-05-12 04:17 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2012-05-12 04:17 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2012-05-12 04:17 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2012-05-12 04:01 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
    2012-05-12 04:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2012-05-12 03:59 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll
    2012-05-12 03:45 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2012-05-12 03:45 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2012-05-12 03:45 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2012-05-12 03:45 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2012-05-12 03:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-05-12 03:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2012-05-12 03:44 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-05-12 03:44 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-05-12 03:44 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-05-12 03:44 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2012-05-12 03:44 . 2012-05-12 03:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-05-12 03:40 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-05-12 03:40 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2012-05-12 03:40 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2012-05-12 03:40 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2012-05-12 03:40 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-05-12 03:40 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-05-12 03:40 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-05-12 03:35 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2012-05-12 03:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2012-05-12 03:33 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-05-12 03:32 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-05-12 03:32 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-05-12 03:32 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-05-12 03:32 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-05-12 03:32 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
    2012-05-12 03:32 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-05-12 03:32 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-05-12 03:32 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
    2012-05-12 03:32 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
    2012-05-12 03:32 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
    2012-05-12 03:29 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
    2012-05-12 03:29 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-05-12 03:29 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-05-12 03:29 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-05-12 03:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-05-12 03:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-05-12 03:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-05-12 03:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-05-12 03:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-05-12 03:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-05-12 03:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-05-12 03:16 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2012-05-12 03:16 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2012-05-12 03:16 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2012-05-12 03:16 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2012-05-12 03:16 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
    2012-05-12 03:16 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-12 03:16 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2012-05-12 03:16 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2012-05-12 03:16 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2012-05-12 03:16 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2012-05-12 03:16 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2012-05-12 03:15 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2012-05-12 03:15 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2012-05-12 03:15 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2012-05-12 03:15 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2012-05-12 03:14 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2012-05-12 03:14 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-05-12 03:14 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-05-12 03:14 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-05-12 03:14 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2012-05-12 03:12 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-05-12 03:12 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-05-12 03:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-05-12 03:12 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-05-12 03:12 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-05-12 03:11 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-05-12 03:11 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-05-12 03:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2012-05-12 03:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2012-05-12 03:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-05-12 03:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-05-12 03:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2012-05-12 03:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2012-05-12 03:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-05-12 03:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2012-05-12 03:02 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-12 03:02 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2012-05-12 03:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-05-12 02:58 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-05-12 02:58 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-05-12 02:58 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
    2012-05-12 02:58 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2012-05-12 02:57 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-05-12 02:57 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-05-12 02:55 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-05-12 02:55 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-05-12 02:55 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-05-12 02:55 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-05-10 00:57 . 2012-05-10 00:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-05-10 00:35 . 2012-05-10 00:41 -------- d-----w- c:\program files\Symantec
    2012-05-10 00:35 . 2012-05-10 00:41 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-05-10 00:35 . 2012-05-10 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-05-10 00:34 . 2012-05-12 02:37 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\Norton Security Suite
    2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\NortonInstaller
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-06 23:11 . 2012-03-31 14:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 23:11 . 2012-03-31 14:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 23:11 . 2012-04-13 23:47 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-03-26 04:03 . 2012-03-26 04:04 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2012-03-26 04:03 . 2012-03-26 04:04 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2012-03-26 04:03 . 2012-03-26 04:04 80488 ----a-w- c:\windows\system32\RCoInst64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 569960 ----a-w- c:\windows\system32\RtkApi64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
    2012-03-26 04:03 . 2012-03-26 04:04 200800 ----a-w- c:\windows\system32\AERTAC64.dll
    2012-03-26 04:02 . 2011-04-09 08:45 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2012-02-23 14:18 . 2011-08-19 04:05 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-14_15.07.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-05-15 02:16 . 2012-05-15 02:16 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 54272 c:\windows\SysWOW64\pngfilt.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\SysWOW64\mshtmler.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 72704 c:\windows\SysWOW64\mshtmled.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 11776 c:\windows\SysWOW64\mshta.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\SysWOW64\msfeedssync.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 41472 c:\windows\SysWOW64\msfeedsbs.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 23552 c:\windows\SysWOW64\licmgr10.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 78848 c:\windows\SysWOW64\inseng.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 35840 c:\windows\SysWOW64\imgutil.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\SysWOW64\iesysprep.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 74752 c:\windows\SysWOW64\iesetup.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 31744 c:\windows\SysWOW64\iernonce.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 74240 c:\windows\SysWOW64\ie4uinit.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 66048 c:\windows\SysWOW64\icardie.dll
    + 2010-07-11 01:39 . 2012-05-15 03:11 60148 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-15 03:12 51534 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-18 06:12 . 2012-05-15 03:12 20644 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-554974647-341856259-1591196108-1000_UserData.bin
    + 2012-05-15 02:16 . 2012-05-15 02:16 91648 c:\windows\system64\SetIEInstalledDate.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system64\RegisterIEPKEYs.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\system64\pngfilt.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\system64\mshtmler.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 96256 c:\windows\system64\mshtmled.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 12288 c:\windows\system64\mshta.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\system64\msfeedssync.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 55296 c:\windows\system64\msfeedsbs.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\system64\migration\WininetPlugin.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 30720 c:\windows\system64\licmgr10.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system64\jsproxy.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 49664 c:\windows\system64\imgutil.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system64\iesetup.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 39936 c:\windows\system64\iernonce.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system64\ie4uinit.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 82432 c:\windows\system64\icardie.dll
    - 2011-06-18 10:08 . 2012-05-13 18:08 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-06-18 10:08 . 2012-05-15 02:24 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-06-18 10:08 . 2012-05-15 02:24 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-06-18 10:08 . 2012-05-13 18:08 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-13 18:08 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-15 02:24 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-11 01:39 . 2012-05-15 02:23 59992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-15 02:23 51510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-18 06:12 . 2012-05-15 02:04 20470 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-554974647-341856259-1591196108-1000_UserData.bin
    + 2012-05-15 02:16 . 2012-05-15 02:16 91648 c:\windows\system32\SetIEInstalledDate.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system32\RegisterIEPKEYs.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\system32\pngfilt.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\system32\mshtmler.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 96256 c:\windows\system32\mshtmled.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 12288 c:\windows\system32\mshta.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\system32\msfeedssync.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 55296 c:\windows\system32\msfeedsbs.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 30720 c:\windows\system32\licmgr10.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system32\jsproxy.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 49664 c:\windows\system32\imgutil.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system32\iesetup.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 39936 c:\windows\system32\iernonce.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system32\ie4uinit.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 82432 c:\windows\system32\icardie.dll
    + 2011-06-18 10:08 . 2012-05-15 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-18 10:08 . 2012-05-13 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-18 10:08 . 2012-05-13 18:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-06-18 10:08 . 2012-05-15 02:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-15 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-13 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-06-18 17:24 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-18 17:24 . 2012-05-14 13:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-05-15 02:23 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2011-06-18 17:24 . 2012-05-14 13:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-06-18 17:24 . 2012-05-15 02:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-06-18 17:24 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-06-18 17:24 . 2012-05-14 13:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-06-18 06:13 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-18 06:13 . 2012-05-14 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-18 06:13 . 2012-05-14 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-06-18 06:13 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-05-14 15:05 . 2012-05-14 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-05-15 03:08 . 2012-05-15 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-05-15 03:08 . 2012-05-15 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-05-14 15:05 . 2012-05-14 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-05-15 02:16 . 2012-05-15 02:16 152064 c:\windows\SysWOW64\wextract.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 203776 c:\windows\SysWOW64\webcheck.dll
    + 2012-05-14 17:36 . 2012-05-14 17:36 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
    + 2012-05-14 17:36 . 2012-05-14 17:36 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 420864 c:\windows\SysWOW64\vbscript.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 231936 c:\windows\SysWOW64\url.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 123392 c:\windows\SysWOW64\occache.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 162304 c:\windows\SysWOW64\msrating.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 161792 c:\windows\SysWOW64\msls31.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 580608 c:\windows\SysWOW64\msfeeds.dll
    - 2012-05-12 03:30 . 2011-10-14 04:42 716800 c:\windows\SysWOW64\jscript.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 716800 c:\windows\SysWOW64\jscript.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 150528 c:\windows\SysWOW64\iexpress.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 176640 c:\windows\SysWOW64\ieui.dll
    - 2012-05-12 03:30 . 2012-02-28 05:37 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 118784 c:\windows\SysWOW64\iepeers.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 353584 c:\windows\SysWOW64\iedkcs32.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 434176 c:\windows\SysWOW64\ieapfltr.dll
    - 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\SysWOW64\ieakui.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 227840 c:\windows\SysWOW64\ieaksie.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 130560 c:\windows\SysWOW64\ieakeng.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 110592 c:\windows\SysWOW64\IEAdvpack.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 223232 c:\windows\SysWOW64\dxtrans.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 353792 c:\windows\SysWOW64\dxtmsft.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 101888 c:\windows\SysWOW64\admparse.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system64\wextract.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 249344 c:\windows\system64\webcheck.dll
    + 2011-06-18 17:43 . 2012-05-14 17:31 264066 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2012-05-14 17:36 . 2012-05-14 17:36 152888 c:\windows\system64\Wat\WatWeb.dll
    + 2012-05-14 17:36 . 2012-05-14 17:36 249656 c:\windows\system64\Wat\WatUX.exe
    + 2012-05-14 17:36 . 2012-05-14 17:36 138664 c:\windows\system64\Wat\npWatWeb.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 603648 c:\windows\system64\vbscript.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 237056 c:\windows\system64\url.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 149504 c:\windows\system64\occache.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 197120 c:\windows\system64\msrating.dll
    - 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system64\msls31.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 222208 c:\windows\system64\msls31.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 697344 c:\windows\system64\msfeeds.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 818688 c:\windows\system64\jscript.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 103936 c:\windows\system64\inseng.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 165888 c:\windows\system64\iexpress.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 173056 c:\windows\system64\ieUnatt.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 248320 c:\windows\system64\ieui.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 111616 c:\windows\system64\iesysprep.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 145920 c:\windows\system64\iepeers.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 403248 c:\windows\system64\iedkcs32.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 534528 c:\windows\system64\ieapfltr.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\system64\ieakui.dll
    - 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system64\ieakui.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 267776 c:\windows\system64\ieaksie.dll
    - 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system64\ieaksie.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system64\ieakeng.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 135168 c:\windows\system64\IEAdvpack.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 282112 c:\windows\system64\dxtrans.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 452608 c:\windows\system64\dxtmsft.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 114176 c:\windows\system64\admparse.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system32\wextract.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 249344 c:\windows\system32\webcheck.dll
    + 2011-06-18 17:43 . 2012-05-14 17:31 264066 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2012-05-14 17:36 . 2012-05-14 17:36 152888 c:\windows\system32\Wat\WatWeb.dll
    + 2012-05-14 17:36 . 2012-05-14 17:36 249656 c:\windows\system32\Wat\WatUX.exe
    + 2012-05-14 17:36 . 2012-05-14 17:36 138664 c:\windows\system32\Wat\npWatWeb.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 603648 c:\windows\system32\vbscript.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 237056 c:\windows\system32\url.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 149504 c:\windows\system32\occache.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 197120 c:\windows\system32\msrating.dll
    - 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 222208 c:\windows\system32\msls31.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 697344 c:\windows\system32\msfeeds.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 818688 c:\windows\system32\jscript.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 103936 c:\windows\system32\inseng.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 165888 c:\windows\system32\iexpress.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 173056 c:\windows\system32\ieUnatt.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 248320 c:\windows\system32\ieui.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 111616 c:\windows\system32\iesysprep.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 145920 c:\windows\system32\iepeers.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 403248 c:\windows\system32\iedkcs32.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 534528 c:\windows\system32\ieapfltr.dll
    - 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\system32\ieakui.dll
    - 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 267776 c:\windows\system32\ieaksie.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system32\ieakeng.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 135168 c:\windows\system32\IEAdvpack.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 282112 c:\windows\system32\dxtrans.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 452608 c:\windows\system32\dxtmsft.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 114176 c:\windows\system32\admparse.dll
    - 2009-07-14 05:01 . 2012-05-14 15:04 261972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-05-15 03:07 261972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-06-18 03:22 . 2012-05-15 03:07 262740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-554974647-341856259-1591196108-1000-8192.dat
    + 2012-05-15 02:16 . 2012-05-15 02:16 1127424 c:\windows\SysWOW64\wininet.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 1103360 c:\windows\SysWOW64\urlmon.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 1798656 c:\windows\SysWOW64\jscript9.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 1792000 c:\windows\SysWOW64\iertutil.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 9705472 c:\windows\SysWOW64\ieframe.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\SysWOW64\ieapfltr.dat
    + 2012-05-15 02:16 . 2012-05-15 02:16 1390080 c:\windows\system64\wininet.dll
    + 2012-05-14 17:36 . 2012-05-14 17:36 1255736 c:\windows\system64\Wat\WatAdminSvc.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 1345536 c:\windows\system64\urlmon.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 2308096 c:\windows\system64\jscript9.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 2144256 c:\windows\system64\iertutil.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\system64\ieapfltr.dat
    + 2012-05-15 02:16 . 2012-05-15 02:16 1390080 c:\windows\system32\wininet.dll
    + 2012-05-14 17:36 . 2012-05-14 17:36 1255736 c:\windows\system32\Wat\WatAdminSvc.exe
    + 2012-05-15 02:16 . 2012-05-15 02:16 1345536 c:\windows\system32\urlmon.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 2308096 c:\windows\system32\jscript9.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 2144256 c:\windows\system32\iertutil.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\system32\ieapfltr.dat
    + 2009-07-14 04:45 . 2012-05-15 02:23 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-05-13 18:09 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-04-09 09:28 . 2012-05-15 03:07 1434328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-04-09 09:28 . 2012-05-14 15:04 1434328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-05-15 02:16 . 2012-05-15 02:16 12282368 c:\windows\SysWOW64\mshtml.dll
    - 2009-07-14 02:34 . 2012-05-14 03:49 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-05-15 02:35 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
    + 2012-05-15 02:16 . 2012-05-15 02:16 17790464 c:\windows\system64\mshtml.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 10887168 c:\windows\system64\ieframe.dll
    - 2009-07-14 02:34 . 2012-05-14 03:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-05-15 02:35 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-05-15 02:16 . 2012-05-15 02:16 17790464 c:\windows\system32\mshtml.dll
    + 2012-05-15 02:16 . 2012-05-15 02:16 10887168 c:\windows\system32\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    .
    c:\users\brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Deskjet 3050A J611 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]
    S1 GIDv2;GIDv2; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120512.001\IDSvia64.sys [2012-05-09 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-10 138360]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:11]
    .
    2012-05-01 c:\windows\Tasks\HPCeeScheduleForbrandon.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    steamdvr
    proxyhostmirrordisplay
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-14 23:26:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-15 03:26
    ComboFix2.txt 2012-05-14 15:21
    .
    Pre-Run: 158,679,093,248 bytes free
    Post-Run: 158,323,388,416 bytes free
    .
    - - End Of File - - E956E4CEE45B9C6BEE23A575317E0E20



    Log #2 to follow.....
     
  11. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Windows\assembly\temp\U\80000000.@ Win64/Sirefef.W trojan
    C:\Windows\system64\SE2Dmdm.dll Win64/Sirefef.W trojan

    Did you want this one too?

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
     
  12. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    :) Only took a couple of hours :)

    I did notice when the computer was first turned on (after running ComboFix earlier today) there were a ridiculous number of Windows updates loaded (like 30K ... or maybe only 3K ++). Also, spell check no longer works in Word :(. When the internet was launched, it took about 45 seconds to load, but it seems to be pretty speedy now. Oh, and - it loaded with IE9 (had IE8, I think). I didn't know what to answer when it asked if I wanted to use the recommended security settings...

    It's going on 2am so I'm heading to bed. Talk soon - and, as always, THANK YOU !!!! (y) KEVIN (y)
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Not sure about the Word spell checker, we'll have a look at that later. The reason for the large amount of Windows updates will be down to the infection stopping them previously.

    Regarding recommended security settings for IE 9, if offered accept them. If you do not like IE 9 you can uninstall it and it will roll back to the previous version...

    There are a couple of baddies still on your system (identified by ESET), also a lot of dross/cookies and a general build-up of temporary files; we'll get rid of them now.

    OK do the following:

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....
    • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
      C:\ProgramData\Tarma Installer
      C:\Users\All Users\Tarma Installer
      C:\Windows\assembly\temp\U\80000000.@
      C:\Windows\system64\SE2Dmdm.dll
      
      :Commands
      [EmptyTemp]
      [RestHosts]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Let me see the log from OTM, and give an update on ANY remaining issues.... What version of "Word" are you using, is it part of MS Office; if so what version, eg MS 2010?

    Kevin
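As an added example (this is not OTM's code and not from the thread), the routine below does in Python what the :Files section of the script above asks of OTM: it moves each listed file or folder into a timestamped quarantine directory (named mmddyyyy_hhmmss like OTM's log), recreates the original directory layout underneath it so an item can be restored, records a SHA-256 of each file before it is moved, reports a path that does not exist as "not found" instead of stopping, and marks an item the OS refuses to move (for example a DLL still loaded by a process) as "deferred" so it can be retried after a reboot. It covers only the move-and-log part, not the DNS flush, temp cleanup or hosts reset. The function names and the sample tree are assumptions constructed for the demo; the file contents are made up, only the paths and the GUID come from the ESET results in this thread.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

# Constructed stand-ins for the items the OTM script in the thread moves; the
# GUID is the one ESET reported, the file contents are made up for the demo.
SAMPLE_DROPPER = Path("Windows") / "assembly" / "temp" / "U" / "80000000.@"
SAMPLE_ADWARE_DIR = Path("ProgramData") / "Tarma Installer"
SAMPLE_ADWARE_GUID = "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"
SAMPLE_MISSING = Path("Users") / "All Users" / "Tarma Installer"


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 of a file, recorded before the file is moved."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine(targets, quarantine_root):
    """Move each target under quarantine_root/<mmddyyyy_hhmmss>/, recreating its
    original directory layout so it can be restored, and return one record per
    target. A missing path is reported as 'not found' rather than raising, and a
    move the OS refuses (e.g. a DLL still mapped into a process) is reported as
    'deferred' so it can be retried after a reboot."""
    run_dir = Path(quarantine_root) / time.strftime("%m%d%Y_%H%M%S")
    run_dir.mkdir(parents=True, exist_ok=True)
    records = []
    for raw in targets:
        src = Path(raw)
        if not src.exists():
            records.append({"path": str(src), "status": "not found"})
            continue
        record = {"path": str(src), "kind": "dir" if src.is_dir() else "file"}
        if src.is_file():
            record["sha256"] = sha256_of(src)
        else:
            record["files"] = sum(1 for p in src.rglob("*") if p.is_file())
        # Strip the drive/root anchor ('C:\\' or '/') and rebuild the path under run_dir.
        dest = run_dir.joinpath(*src.resolve().parts[1:])
        dest.parent.mkdir(parents=True, exist_ok=True)
        try:
            shutil.move(str(src), str(dest))
            record["status"] = "moved"
            record["quarantined_as"] = str(dest)
        except OSError as exc:
            record["status"] = "deferred"
            record["error"] = str(exc)
        record["gone_from_origin"] = not src.exists()
        records.append(record)
    # Plain-text summary in the style of the OTM results window.
    with (run_dir / "quarantine.log").open("w", encoding="utf-8") as log:
        for rec in records:
            log.write(f"{rec['path']} {rec['status']}\n")
    return records


def build_sample_tree(base):
    """Create the constructed sample files and return the target list for them."""
    base = Path(base)
    dropper = base / SAMPLE_DROPPER
    dropper.parent.mkdir(parents=True, exist_ok=True)
    dropper.write_bytes(b"constructed sample payload, not real malware\n")
    guid_dir = base / SAMPLE_ADWARE_DIR / SAMPLE_ADWARE_GUID
    guid_dir.mkdir(parents=True, exist_ok=True)
    (guid_dir / "_Setupx.dll").write_bytes(b"constructed sample dll\n")
    # Third entry deliberately does not exist, like the 'All Users' path in the thread.
    return [str(dropper), str(base / SAMPLE_ADWARE_DIR), str(base / SAMPLE_MISSING)]


def run_demo():
    """Build the sample tree in a fresh temp dir, quarantine it, return the records."""
    work = Path(tempfile.mkdtemp(prefix="quarantine_demo_"))
    return quarantine(build_sample_tree(work / "disk"), work / "_Quarantine")


if __name__ == "__main__":
    for rec in run_demo():
        print(rec)
```

Moving rather than deleting is the point: the quarantine keeps the original path and a hash for each item, so a false positive can be restored and a real sample can be submitted to a vendor, which is why removal tools like OTM work this way.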
     
  14. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    Kevin - Me thinks the first line is a good one :) You too?


    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\brandon\Desktop\cmd.bat deleted successfully.
    C:\Users\brandon\Desktop\cmd.txt deleted successfully.
    C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals) folder moved successfully.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
    C:\ProgramData\Tarma Installer folder moved successfully.
    File/Folder C:\Users\All Users\Tarma Installer not found.
    C:\Windows\assembly\temp\U\80000000.@ moved successfully.
    LoadLibrary failed for C:\Windows\system64\SE2Dmdm.dll
    C:\Windows\system64\SE2Dmdm.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: brandon
    ->Temp folder emptied: 151 bytes
    ->Temporary Internet Files folder emptied: 52422956 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 27676 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9164 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 84.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 05152012_103703
    Files moved on Reboot...
    C:\Users\brandon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    Registry entries deleted on Reboot...



    I did notice a pop-up (or two) while on-line today....which I don't really get at all on the computer I usually use.

    Looks like Word is 2002 :eek: I now see Office Suite 2010 under All Programs, but it will require installation and I don't have much time right now....

    Quick question - I've noticed there are two Program Files folders on C: - one titled "Program Files" and the other "Program Files (x86)". I'm accustomed to working with XP and this computer is Win7, so maybe this is normal for Win7. Was just wondering why both folders are required... or are they?

    Also along the XP-Win7 lines, under Start "All Programs" looks sooooo different. It's hard to find things (for me anyway). Is there any way to make it look more like XP?

    I'll try to report later tonight. ENJOY YOUR DAY :D
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Is your pop-up blocker actually turned on? For IE, select Tools > Pop-up Blocker; if it shows as turned OFF, turn it on.

    If it is already ON, select Pop-up Blocker settings; what is the "Blocking Level" setting? It should be either "Medium" or "High" depending on your personal preferences...

    Your version of Windows is 64 bit. Most programs for your system will be 64 bit. Program Files is for 64 bit applications. Some programs are only available in 32 bit format; your OS can still run those and will configure itself to do it.

    Program Files (x86) is for 32 bit applications. Windows is smart enough to know which one they go into, so don't worry about them...

    Let me know how your system is responding, apart from the spell checker; that will probably right itself if you install the MS Office 2010 suite.

    Not sure how to configure W7 to run like XP, you may have to take that up with the technical guys over at the Operating System section when we're done here... Okey dokey....

    Kevin
     
Short URL to this thread: https://techguy.org/1052576