TechSpot

Windows has encountered a critical error will restart in one minute

Solved
By nerdyandrew
Nov 20, 2012
  1. Hi, I found this thread when trying to solve the problem of "Windows has encountered a critical error will restart in one minute". I've tried virus scans and other things and nothing seems to work. A lot of other folks seem to have run into the same issue, so hopefully I can find some help here. Thank you in advance and attached are the logs.


  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  3. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    I followed the instructions and attached is the Fixlog.txt output.

    I restarted the computer and immediately I got the problem "Windows has encountered a critical error will restart in one minute". It then restarted my computer in one minute.


  4. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    Sorry, just realized that the forum rules stated that I need to paste logs instead of attach, here is the pasted log, hope someone can help soon:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2012
    Ran by SYSTEM at 2012-11-20 10:12:05 Run:1
    Running from I:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Does the computer stay booted in Normal Mode? Safe Mode?
  6. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    Actually..it works now!!! Really weird that it didn't after the initial fix. Thanks for all your help DragonMaster Jay, enjoy your Thanksgiving!
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry for delay. I just came back from my short vacation. :) Hope if you celebrated Thanksgiving, that it was wonderful. :D

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    ComboFix 12-11-23.02 - Andrew 11/24/2012 13:28:23.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4581 [GMT -6:00]
    Running from: c:\users\Andrew\Downloads\ComboFix.exe
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\xml345D.tmp
    c:\programdata\xml3921.tmp
    c:\programdata\xml3A7A.tmp
    c:\users\Andrew\g2mdlhlpx.exe
    c:\windows\security\Database\tmp.edb
    H:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2020-01-23 05:32 . 2020-01-23 05:32 -------- d-----w- c:\windows\SysWow64\spool
    2012-11-24 19:32 . 2012-11-24 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-22 03:01 . 2012-11-22 03:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-11-22 02:24 . 2012-11-22 02:24 -------- d-----w- c:\users\Andrew\AppData\Local\ESN
    2012-11-21 17:31 . 2012-11-21 17:31 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-21 17:23 . 2012-11-21 17:23 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-21 16:29 . 2012-11-21 16:29 -------- d-----w- c:\users\Andrew\AppData\Roaming\TeamViewer
    2012-11-20 08:43 . 2012-11-20 08:43 -------- d-----w- C:\FRST
    2012-11-20 05:18 . 2012-11-20 05:18 -------- d-----w- c:\program files (x86)\ESET
    2012-11-19 03:11 . 2012-11-19 03:11 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
    2012-11-15 16:23 . 2012-11-15 16:23 -------- d-----w- C:\found.004
    2012-11-15 00:08 . 2012-11-15 01:23 -------- d-----w- c:\users\Andrew\AppData\Roaming\Download Manager
    2012-11-14 05:53 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-11-14 05:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-14 05:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-24 08:50 . 2011-10-25 18:11 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-11-24 08:50 . 2009-10-29 03:33 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-11-24 08:49 . 2009-10-29 01:10 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-11-21 19:15 . 2009-07-13 23:49 123904 ----a-w- c:\windows\system32\bcrypt.dll
    2012-11-10 02:39 . 2012-06-15 23:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-10 02:39 . 2011-05-13 13:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-30 03:04 . 2009-10-29 00:15 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-09-24 20:32 . 2012-09-04 16:54 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-24 20:32 . 2010-05-03 21:06 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-24 01:06 . 2010-12-05 20:27 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-09-24 01:06 . 2010-12-05 20:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-09-21 00:03 . 2011-04-13 00:52 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-09-21 00:03 . 2011-04-13 00:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-09-14 19:19 . 2012-10-10 18:54 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 18:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-08-30 18:03 . 2012-10-10 18:54 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 18:54 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 18:54 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-07 39408]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "Akamai NetSession Interface"="c:\users\Andrew\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
    "F.lux"="c:\users\Andrew\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="e:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "LogitechQuickCamRibbon"="e:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
    "LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "DNS7reminder"="e:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
    "Hobbyist Software On-Off Helper"="e:\program files (x86)\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe" [2011-07-19 550448]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="h:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "Logitech H800"="h:\program files (x86)\Logitech\H800\H800.exe" [2011-07-29 273432]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech blank Product Registration.lnk - h:\program files (x86)\Logitech\H800\eReg.exe [N/A]
    Logitech H800 Product Registration.lnk - h:\program files (x86)\Logitech\H800\eReg.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - h:\program files (x86)\Audible\Audible\Bin\AudibleDownloadHelper.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
    R2 SkypeUpdate;Skype Updater;h:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
    R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-30 1038088]
    R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 54320]
    R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [2007-02-06 1013024]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
    R3 RivaTuner64;RivaTuner64;e:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-01-10 19952]
    R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;e:\program files (x86)\RealTemp\WinRing0x64.sys [2008-07-27 14544]
    R4 Ntapnapwav;Ntapnapwav;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-04-28 55024]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-02-23 1455648]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-09-06 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-02-23 2326920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
    S2 HDHomeRun Service;HDHomeRun Service;e:\program files\Silicondust\HDHomeRun\hdhomerun_service.exe [2012-04-05 16384]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
    S2 Off-Helper;Off-Helper;e:\program files (x86)\Hobbyist Software\Off-Helper\Off-Helper Service.exe [2011-07-19 6656]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-02-23 250400]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-04-30 76056]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-04-30 15128]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 02:27]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 02:27]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1572758858-3082492539-167362897-1001Core.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-29 00:53]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1572758858-3082492539-167362897-1001UA.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-29 00:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - e:\progra~3\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{d1bf4285-e49f-447e-8249-976311c07344} - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-AppCallBurner - (no file)
    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
    Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    SafeBoot-60923127.sys
    WebBrowser-{D1BF4285-E49F-447E-8249-976311C07344} - (no file)
    AddRemove-Driver Cleaner PE - e:\program files (x86)\Driver Cleaner PE\Uninst.exe
    AddRemove-HD Tune Pro_is1 - g:\program files (x86)\HD Tune Pro\unins000.exe
    AddRemove-Slawdog Smart Shutdown - e:\program files (x86)\Slawdog\Smart Shutdown\uninstall.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Andrew\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-24 13:34:05
    ComboFix-quarantined-files.txt 2012-11-24 19:34
    .
    Pre-Run: 8,073,760,768 bytes free
    Post-Run: 7,878,881,280 bytes free
    .
    - - End Of File - - 06490329340043B7510D58555954988B
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job. Next step:

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  10. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    23:18:29.0425 6228 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    23:18:30.0035 6228 ============================================================
    23:18:30.0035 6228 Current date / time: 2012/11/25 23:18:30.0035
    23:18:30.0035 6228 SystemInfo:
    23:18:30.0035 6228
    23:18:30.0035 6228 OS Version: 6.1.7601 ServicePack: 1.0
    23:18:30.0035 6228 Product type: Workstation
    23:18:30.0035 6228 ComputerName: COW-PC
    23:18:30.0035 6228 UserName: Andrew
    23:18:30.0035 6228 Windows directory: C:\Windows
    23:18:30.0035 6228 System windows directory: C:\Windows
    23:18:30.0035 6228 Running under WOW64
    23:18:30.0035 6228 Processor architecture: Intel x64
    23:18:30.0035 6228 Number of processors: 8
    23:18:30.0035 6228 Page size: 0x1000
    23:18:30.0035 6228 Boot type: Normal boot
    23:18:30.0035 6228 ============================================================
    23:18:30.0503 6228 Drive \Device\Harddisk2\DR2 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    23:18:30.0503 6228 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:18:30.0519 6228 Drive \Device\Harddisk1\DR1 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:18:30.0519 6228 ============================================================
    23:18:30.0519 6228 \Device\Harddisk2\DR2:
    23:18:30.0519 6228 MBR partitions:
    23:18:30.0519 6228 \Device\Harddisk0\DR0:
    23:18:30.0519 6228 MBR partitions:
    23:18:30.0519 6228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x773DD68
    23:18:30.0519 6228 \Device\Harddisk1\DR1:
    23:18:30.0519 6228 MBR partitions:
    23:18:30.0519 6228 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773F800
    23:18:30.0519 6228 ============================================================
    23:18:30.0519 6228 C: <-> \Device\Harddisk0\DR0\Partition1
    23:18:30.0519 6228 H: <-> \Device\Harddisk1\DR1\Partition1
    23:18:30.0519 6228 ============================================================
    23:18:30.0519 6228 Initialize success
    23:18:30.0519 6228 ============================================================
    23:19:38.0829 7048 ============================================================
    23:19:38.0829 7048 Scan started
    23:19:38.0829 7048 Mode: Manual; SigCheck; TDLFS;
    23:19:38.0829 7048 ============================================================
    23:19:39.0094 7048 ================ Scan system memory ========================
    23:19:39.0094 7048 System memory - ok
    23:19:39.0094 7048 ================ Scan services =============================
    23:19:42.0743 7048 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    23:19:42.0758 7048 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    23:19:42.0758 7048 IDriverT - detected UnsignedFile.Multi.Generic (1)
    23:19:44.0620 7048 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NAV C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
    23:19:44.0635 7048 NAV - ok
    23:19:44.0635 7048 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121124.005\ENG64.SYS
    23:19:44.0651 7048 NAVENG - ok
    23:19:44.0666 7048 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121124.005\EX64.SYS
    23:19:44.0716 7048 NAVEX15 - ok
    23:19:44.0716 7048 NBService - ok
    23:19:44.0732 7048 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    23:19:44.0763 7048 NDIS - ok
    23:19:44.0763 7048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    23:19:44.0794 7048 NdisCap - ok
    23:19:44.0794 7048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    23:19:44.0826 7048 NdisTapi - ok
    23:19:44.0826 7048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    23:19:44.0857 7048 Ndisuio - ok
    23:19:44.0857 7048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    23:19:44.0888 7048 NdisWan - ok
    23:19:44.0888 7048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    23:19:44.0904 7048 NDProxy - ok
    23:19:44.0919 7048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    23:19:44.0935 7048 NetBIOS - ok
    23:19:44.0951 7048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    23:19:44.0966 7048 NetBT - ok
    23:19:44.0982 7048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    23:19:44.0982 7048 Netlogon - ok
    23:19:44.0982 7048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    23:19:45.0013 7048 Netman - ok
    23:19:45.0029 7048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  11. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    23:19:49.0982 7048 WmVirHid - ok
    23:19:49.0982 7048 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
    23:19:49.0982 7048 WmXlCore - ok
    23:19:49.0998 7048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    23:19:49.0998 7048 WPCSvc - ok
    23:19:50.0013 7048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    23:19:50.0013 7048 WPDBusEnum - ok
    23:19:50.0013 7048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    23:19:50.0044 7048 ws2ifsl - ok
    23:19:50.0044 7048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    23:19:50.0060 7048 wscsvc - ok
    23:19:50.0060 7048 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    23:19:50.0076 7048 WSDPrintDevice - ok
    23:19:50.0076 7048 WSearch - ok
    23:19:50.0107 7048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    23:19:50.0154 7048 wuauserv - ok
    23:19:50.0154 7048 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    23:19:50.0185 7048 WudfPf - ok
    23:19:50.0185 7048 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    23:19:50.0216 7048 WUDFRd - ok
    23:19:50.0232 7048 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    23:19:50.0248 7048 wudfsvc - ok
    23:19:50.0263 7048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    23:19:50.0279 7048 WwanSvc - ok
    23:19:50.0279 7048 ================ Scan global ===============================
    23:19:50.0279 7048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    23:19:50.0279 7048 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:19:50.0294 7048 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:19:50.0294 7048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    23:19:50.0294 7048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    23:19:50.0310 7048 [Global] - ok
    23:19:50.0310 7048 ================ Scan MBR ==================================
    23:19:50.0310 7048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
    23:19:50.0607 7048 \Device\Harddisk2\DR2 - ok
    23:19:50.0607 7048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    23:19:50.0669 7048 \Device\Harddisk0\DR0 - ok
    23:19:50.0669 7048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    23:19:50.0685 7048 \Device\Harddisk1\DR1 - ok
    23:19:50.0685 7048 ================ Scan VBR ==================================
    23:19:50.0685 7048 [ D8AD2BEAE7615AFCC08CC2F725E05253 ] \Device\Harddisk0\DR0\Partition1
    23:19:50.0685 7048 \Device\Harddisk0\DR0\Partition1 - ok
    23:19:50.0685 7048 [ FC6E3EA2792380803E52DCD9093E9222 ] \Device\Harddisk1\DR1\Partition1
    23:19:50.0685 7048 \Device\Harddisk1\DR1\Partition1 - ok
    23:19:50.0685 7048 ============================================================
    23:19:50.0685 7048 Scan finished
    23:19:50.0685 7048 ============================================================
    23:19:50.0701 6408 Detected object count: 1
    23:19:50.0701 6408 Actual detected object count: 1
    23:20:34.0859 6408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    23:20:34.0859 6408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  13. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    Haven't had any bad computer symptoms, computer has been running fine, no error messages anymore. Here are the results from the ESET scan:

    D:\Androoo's ****\Cow Networks\topspywareremovers.net\topspywareremovers.net\wp-content\themes\emporium\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    D:\Androoo's ****\Cow Networks\topspywareremovers.net\topspywareremovers.net\wp-content\themes\Stripey\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    E:\BHW Media\resources\Autoblogs\2 - Plugins\Plugins\exclude-pages\Stripey\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    F:\Users\Andrew\AppData\Local\Temp\ldm1.exe Win32/Adware.Primawega.AE application cleaned by deleting - quarantined
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  15. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    Sorry for delayed response, here is the log file you were looking for:

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    DH Driver Cleaner Platinum Edition
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Flash Player 11.5.502.110
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox (17.0)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Norton AntiVirus Engine 18.7.1.3 ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Remove these old versions of Google Chrome:

    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91


    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems



    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.



    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
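
    An added example, not part of the thread and not Security Check's own code: a short Python triage of a checkup.txt-style log that pulls out the findings acted on in the reply above (out-of-date entries, disabled UAC, and every installed version of a product other than the newest). The sample lines are excerpted from the log posted in this thread; the names `triage` and `version_key` and the assumed line layout are hypothetical.

```python
import re
from collections import defaultdict

# Lines excerpted from the checkup.txt posted in this thread.
SAMPLE_LOG = """\
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
"""

# Matches "<product> <dotted version>", optionally parenthesised: "Mozilla Firefox (17.0)".
VERSIONED = re.compile(r"^([A-Za-z][\w() ]*?)\s+\(?(\d+(?:\.\d+)+)\)?")

def version_key(ver):
    """'23.0.1271.95' -> (23, 0, 1271, 95), so versions compare numerically."""
    return tuple(int(part) for part in ver.split("."))

def triage(log_text):
    """Return (flags, stale): flagged lines, and product -> versions older than the newest."""
    flags, seen = [], defaultdict(set)
    for line in (raw.strip() for raw in log_text.splitlines()):
        lowered = line.lower()
        if "out of date" in lowered or "is disabled" in lowered:
            flags.append(line)
        match = VERSIONED.match(line)
        if match:
            seen[match.group(1)].add(match.group(2))
    stale = {}
    for product, versions in seen.items():
        ordered = sorted(versions, key=version_key)
        if len(ordered) > 1:
            stale[product] = ordered[:-1]  # everything except the newest
    return flags, stale

if __name__ == "__main__":
    flags, stale = triage(SAMPLE_LOG)
    for line in flags:
        print("FLAG :", line)
    for product, versions in stale.items():
        print("STALE:", product, ", ".join(versions))
```

    Comparing versions as integer tuples rather than strings matters once a component reaches a different digit count, for example 9.x against 10.x.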
  17. nerdyandrew

    nerdyandrew TS Rookie Topic Starter

    Awesome, I have updated all my software. Thank you so much for your help DragonMasterJay!!
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Have a good one!

    Topic solved. :)