getanswersfast redirect & smitfraud-c.generic


  • This topic is locked
23 replies to this topic

#1 joshuals


Posted 19 April 2012 - 12:57 PM

Dell Inspiron Laptop
Windows7 Home Premium 64bit
Running Norton 360 - definitions current

Here's the gist of what happened in chronological order between 4-15-12 & 4-19-12

(1) Google search redirected to wwww.getanswersfast.com
repeated attempts with different search strings resulted in same redirect
did not click on any links on getanswersfast.com
(2) Ran Spybot S&D Scan
found instance of smitfraud-c.generic
attempted fix
fix reported as successful
(3) Ran Spybot S&D Scan
again found instance of smitfraud-c.generic
did not attempt further fix
(4) Ran Norton360 full system scan
no malware found
(5) Elected option to run Norton Power Eraser
found instance of kmzkybj.dll
selected fix w/ system restore snapshot
(6) Computer Reboot
instance of BSOD but screen disappeared too quickly to read
Startup Repair ran; when done clicked finish
(7) Computer Reboot
instance of BSOD but screen disappeared too quickly to read
Startup Repair ran but reported failure
(8) Computer Reboot
numerous attempts to run Startup Repair failed
(9) Computer Reboot attempted to start in Safe Mode
Startup Repair ran but reported failure
Startup Repair log (hand copied)
Prob Signature 01: 6.1.7600.16385
Prob Signature 02: 6.1.7600.16385
Prob Signature 03: Unknown
Prob Signature 04: 21200554
Prob Signature 05: Auto Failover
Prob Signature 06: 3
Prob Signature 07: No Root Cause
OS: 6.1.7600.2.0.0.2561
ID: 1033
(10) Ran Dell System Restore Disk (restore system to image when laptop was purchased)
Message: Partition Formatted
Message: Content Reinstall
Message: Restart Required
(11) Computer reboot
Windows loaded normally
Message: Preparing Computer for First Use
Followed Standard Windows Setup Procedure
(12) Installed pay version of MBAM
Full Scan: No problems detected
(13) Reinstalled Spybot S&D
Scan: No problems found
(14) Installed TDSSkiller.exe
Scan with all parameters checked
4 instances UnsignedFile.Multi.Generic
1 instance \Device\Harddisk0\DR0 (TDSS File System)
Default action was "skip" in all cases; accepted default
(15) Restored data files from external backup source: no problems encountered
(16) Computer appears to act normally for the past 48 hours; have been re-installing software: no problems
(17) I have run Windows Update numerous times since re-imaging the HDD; at this time there are no further updates found to be installed
(18) Google now operating normally

Please help me determine if the computer is clean and what else I need to do to ensure that it is clean. Also tell me what action to take with TDSSkiller scan (skip or ?)


I believe I have followed all applicable steps in your Guide; below are the DDS results

Thank you for your help

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ben at 10:36:12 on 2012-04-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.5453 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Sidebar\Sidebar.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://idm.west.cox.net/coxlogin/ui/webmail?TARGET=-SM-http%3a%2f%2fwebmail.west.cox.net%2fdo%2fhome
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Akamai NetSession Interface] "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9384C5D0-1C31-4AA4-8AD5-6E4F394A9E99} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120418.001\IDSviA64.sys [2012-4-18 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/01/08 03:28:56];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-1-8 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-8 89600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-28 606720]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-8 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-17 654408]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-4-17 138232]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-17 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-8 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-8 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-28 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-17 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-19 16:23:50 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2012-04-18 19:56:30 -------- d-----w- C:\Program Files (x86)\BibleCD
2012-04-18 19:54:50 306688 ----a-w- C:\Windows\IsUninst.exe
2012-04-18 19:33:38 -------- d-----w- C:\Program Files (x86)\Microsoft Streets & Trips 2011
2012-04-18 19:31:55 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-18 17:34:09 -------- d-----w- C:\Program Files (x86)\Garmin
2012-04-18 17:23:48 -------- d-----w- C:\ProgramData\GARMIN
2012-04-18 16:26:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-18 16:26:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-18 15:56:21 -------- d-----w- C:\Windows\System32\SPReview
2012-04-18 15:55:53 -------- d-----w- C:\Windows\System32\EventProviders
2012-04-18 15:30:36 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-04-18 13:33:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-04-18 13:10:10 -------- d-----w- C:\Users\Ben\AppData\Local\Akamai
2012-04-18 12:36:59 582656 ----a-w- C:\Windows\System32\sxs.dll
2012-04-18 12:35:59 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-04-18 12:35:59 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-04-18 12:35:59 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-04-18 12:35:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-04-18 12:35:00 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-04-18 12:34:57 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-04-18 05:24:35 -------- d-----w- C:\Users\Ben\AppData\Roaming\Macrovision
2012-04-18 04:43:34 345448 ----a-w- C:\Windows\System32\hpinksts9311LM.dll
2012-04-18 04:43:34 274792 ----a-w- C:\Windows\System32\hpinkcoi9311.dll
2012-04-18 03:34:18 -------- d-----w- C:\malware_detection
2012-04-17 22:38:36 -------- d-----w- C:\temp_norton_restored_files
2012-04-17 20:40:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-17 20:40:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-17 19:54:21 -------- d-----w- C:\Users\Ben\AppData\Roaming\Malwarebytes
2012-04-17 19:54:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 19:54:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-17 19:54:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 19:12:38 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-04-17 19:12:38 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-04-17 19:12:38 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-04-17 18:52:17 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-17 18:52:17 -------- d-----w- C:\Windows\System32\Wat
2012-04-17 18:33:44 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-17 18:29:49 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-17 18:29:49 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-17 18:29:49 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-17 18:27:28 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-17 18:27:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-17 18:27:28 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-17 18:27:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-17 18:27:28 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-17 18:27:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-17 18:27:28 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-17 18:24:52 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-17 18:23:54 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-04-17 18:23:54 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-04-17 18:23:54 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-04-17 18:23:53 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-04-17 18:23:53 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-04-17 18:23:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-04-17 18:23:52 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-04-17 18:23:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-04-17 18:20:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-17 18:20:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-17 18:20:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-17 18:20:07 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-17 18:20:00 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-17 18:20:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-17 18:19:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-17 18:18:19 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-17 18:18:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-17 18:18:19 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-17 18:18:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-17 18:05:26 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys
2012-04-17 18:05:26 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\SymDS64.sys
2012-04-17 18:05:26 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symnets.sys
2012-04-17 18:05:26 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys
2012-04-17 18:05:26 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\Ironx64.sys
2012-04-17 18:05:26 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ccSetx64.sys
2012-04-17 18:05:26 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\SymEFA64.sys
2012-04-17 18:05:21 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601020.00A
2012-04-17 18:00:33 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2D83665F-EDDB-4D37-96B0-C1D70BE76DB9}\mpengine.dll
2012-04-16 22:47:04 573440 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll
2012-04-16 22:47:04 155648 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdapml.dll
2012-04-16 22:46:57 -------- d-----w- C:\Program Files (x86)\Common Files\Bentley Shared
2012-04-16 22:46:57 -------- d-----w- C:\Program Files (x86)\Bentley
2012-04-16 22:46:10 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-16 22:46:09 77824 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-16 22:46:09 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-16 22:46:09 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-16 22:46:08 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-16 21:58:22 -------- d-----w- C:\projects
2012-04-16 21:05:57 -------- d-----w- C:\temp_quarantine
2012-04-16 20:12:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-16 20:11:55 -------- d-----w- C:\Users\Ben\AppData\Local\Microsoft Help
2012-04-16 19:38:57 -------- d-----w- C:\xfer
2012-04-16 19:33:43 -------- d-----w- C:\Users\Ben\AppData\Local\Adobe
2012-04-16 18:25:57 -------- d-----w- C:\Users\Ben\AppData\Local\WinZip
2012-04-16 18:00:23 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2012-04-16 18:00:07 4199768 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2012-04-16 17:59:47 -------- d-----w- C:\Program Files (x86)\Quicken
2012-04-16 17:59:47 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-04-16 17:55:46 -------- d-----w- C:\ProgramData\Intuit
2012-04-16 17:15:02 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-04-16 16:26:13 -------- d-----w- C:\Users\Ben\AppData\Roaming\Smith Micro
2012-04-16 16:22:05 -------- d-----w- C:\Program Files\Verizon Wireless
2012-04-16 16:22:03 -------- d-----w- C:\Program Files (x86)\Verizon Wireless
2012-04-16 16:19:48 -------- d-----w- C:\Program Files (x86)\Novatel Wireless
2012-04-16 16:19:33 -------- d-----w- C:\Windows\Downloaded Installations
2012-04-16 15:51:49 -------- d-----w- C:\ProgramData\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2012-04-16 15:51:46 -------- d-----w- C:\Users\Ben\AppData\Local\Downloaded Installations
2012-04-16 15:51:33 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-16 15:51:33 -------- d-----w- C:\Program Files\Symantec
2012-04-16 15:51:33 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-04-16 15:51:10 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-04-16 15:51:09 -------- d-----w- C:\ProgramData\Symantec
2012-04-16 15:51:09 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-04-16 15:51:08 -------- d-----w- C:\ProgramData\Norton
2012-04-16 15:48:09 -------- d-----w- C:\ProgramData\NortonInstaller
2012-04-16 15:48:09 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-04-16 14:11:28 -------- d-----w- C:\westbrook_plats
2012-04-16 14:11:27 -------- d-----w- C:\westbrook_ccrs
2012-04-16 14:11:27 -------- d-----w- C:\westbrook_blank_docs
2012-04-16 14:11:27 -------- d-----w- C:\warrensburg
2012-04-16 14:11:27 -------- d-----w- C:\vf_hoa
2012-04-16 14:11:27 -------- d-----w- C:\trips
2012-04-16 14:11:26 -------- d-----w- C:\star_choice
2012-04-16 14:11:26 -------- d-----w- C:\social_security
2012-04-16 14:11:04 -------- d-----w- C:\sdsk
2012-04-16 14:11:04 -------- d-----w- C:\route_20
2012-04-16 14:10:57 -------- d-----w- C:\roof_estimates
2012-04-16 14:10:55 -------- d-----w- C:\roof_documents
2012-04-16 14:10:54 -------- d-----w- C:\rest_areas
2012-04-16 14:10:45 -------- d-----w- C:\quikdata
2012-04-16 14:10:45 -------- d-----w- C:\project_transfer
2012-04-16 14:09:21 -------- d-----w- C:\proj_pdf
2012-04-16 14:05:53 -------- d-----w- C:\Users\Ben\AppData\Roaming\Verizon Wireless
2012-04-16 14:05:52 -------- d-----w- C:\Users\Ben\AppData\Roaming\LingvoSoft
2012-04-16 14:05:52 -------- d-----w- C:\Users\Ben\AppData\Roaming\Intuit
2012-04-16 14:05:52 -------- d-----w- C:\Users\Ben\AppData\Roaming\GARMIN
2012-04-16 14:05:52 -------- d-----w- C:\Users\Ben\AppData\Roaming\Autodesk
2012-04-16 14:05:52 -------- d-----w- C:\Users\Ben\AppData\Local\Symantec
2012-04-16 14:05:42 -------- d-----w- C:\Users\Ben\AppData\Local\Autodesk
2012-04-16 14:05:41 -------- d-----w- C:\BentleyDownloads
2012-04-16 14:05:04 -------- d-----w- C:\ADOT_V8
2012-04-16 13:55:43 -------- d-----w- C:\Users\Ben\My Backup Files
2012-04-16 13:53:43 -------- d-----w- C:\Users\Ben\AppData\Local\Best Buy pc app
2012-04-16 13:48:31 -------- d-----w- C:\Windows\SMINST
2012-04-16 07:07:22 -------- d-----w- C:\Users\Ben\AppData\Roaming\Dell
2012-04-16 07:07:20 -------- d-----w- C:\Users\Ben\AppData\Roaming\Intel
2012-04-16 07:07:17 -------- d-----w- C:\Users\Ben\AppData\Local\Apps
2012-04-16 07:07:16 -------- d-----w- C:\Users\Ben\AppData\Local\Deployment
2012-04-16 07:07:15 -------- d-----w- C:\Users\Ben\AppData\Roaming\Intel Corporation
2012-04-16 07:06:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-16 07:06:46 -------- d-----w- C:\Users\Ben\AppData\Local\VirtualStore
2012-04-16 07:06:41 -------- d-----w- C:\Users\Ben\AppData\Local\SoftThinks
2012-04-16 07:06:40 -------- d-----w- C:\Users\Ben\AppData\Local\Stardock_Corporation
2012-04-04 05:53:58 53656 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-04-04 05:53:56 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll
.
==================== Find3M ====================
.
2012-04-18 16:03:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-18 16:03:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 10:37:15.34 ===============

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:08 PM

Posted 23 April 2012 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

If the Computer is running correctly I only need to see the results of the following scans.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#3 joshuals

joshuals
  • Topic Starter

  • Members
  • 433 posts
  • OFFLINE
  • Gender:Male
  • Location:Quebec (Summer) Arizona (Winter)
  • Local time:07:08 PM

Posted 23 April 2012 - 11:18 AM

Bonjour nasdaq

Thank you for taking my case.

The computer has been running normally since the operating system was installed before my first post. I have had Norton360 & Malwarebytes running in the background since that time.

I followed your instructions. There was a slight glitch, as follows:

(1) Disabled Malwarebytes per instructions
(2) Disabled Norton360 per instructions
(3) Attempted to run Combofix but got a message that Norton Scanner was still running but that Combofix would proceed "at my own risk"
(4) Opened Norton from taskbar and disabled all checked functions
(5) When I clicked "X" in the Combofix box it continued to run rather than exiting and letting me restart the app
(6) Everything seemed to proceed normally from there

Here are the logs

ComboFix 12-04-23.01 - Admin 04/23/2012 8:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.6071 [GMT -7:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 15:59 . 2012-04-23 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 03:48 . 2012-04-23 03:49 -------- d-----w- c:\programdata\Apple
2012-04-22 14:13 . 2012-04-22 14:13 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-04-22 14:13 . 2012-04-22 14:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-22 14:11 . 2012-04-22 14:11 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-04-22 03:19 . 2012-04-22 03:19 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-22 03:19 . 2012-04-22 03:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-21 17:32 . 2012-04-21 17:33 -------- d-----w- c:\program files (x86)\LingvoSoft
2012-04-21 05:15 . 2012-04-23 15:32 -------- d-----w- c:\users\Admin
2012-04-20 12:23 . 2012-04-20 12:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-20 12:21 . 2012-04-20 12:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-20 12:20 . 2012-04-20 12:20 -------- d-----w- c:\program files (x86)\Java
2012-04-19 16:23 . 2012-04-19 16:23 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-04-18 19:56 . 2012-04-18 19:59 -------- d-----w- c:\program files (x86)\BibleCD
2012-04-18 19:54 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-18 19:33 . 2012-04-18 19:33 -------- d-----w- c:\program files (x86)\Microsoft Streets & Trips 2011
2012-04-18 19:31 . 2012-04-18 19:31 -------- d-----w- c:\program files (x86)\MSECache
2012-04-18 17:34 . 2012-04-18 18:42 -------- d-----w- c:\program files (x86)\Garmin
2012-04-18 17:23 . 2012-04-18 17:23 -------- d-----w- c:\programdata\GARMIN
2012-04-18 16:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-18 16:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-18 15:56 . 2012-04-18 15:56 -------- d-----w- c:\windows\system32\SPReview
2012-04-18 15:55 . 2012-04-18 15:55 -------- d-----w- c:\windows\system32\EventProviders
2012-04-18 15:30 . 2012-04-18 15:30 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-04-18 13:33 . 2012-04-18 13:58 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-04-18 12:36 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2012-04-18 12:35 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-04-18 12:35 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-04-18 12:35 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-04-18 12:35 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-04-18 12:35 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-04-18 12:34 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-04-18 04:43 . 2010-06-14 20:43 345448 ----a-w- c:\windows\system32\hpinksts9311LM.dll
2012-04-18 04:43 . 2010-06-14 20:43 274792 ----a-w- c:\windows\system32\hpinkcoi9311.dll
2012-04-18 03:34 . 2012-04-23 14:45 -------- d-----w- C:\malware_detection
2012-04-17 20:40 . 2012-04-17 21:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-17 20:40 . 2012-04-17 20:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-17 19:54 . 2012-04-17 19:54 -------- d-----w- c:\programdata\Malwarebytes
2012-04-17 19:54 . 2012-04-17 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-17 19:54 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-17 19:12 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-17 19:12 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-17 19:12 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-17 18:52 . 2012-04-17 18:52 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-17 18:52 . 2012-04-17 18:52 -------- d-----w- c:\windows\system32\Wat
2012-04-17 18:33 . 2012-04-17 18:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-17 18:29 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-17 18:29 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-17 18:29 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-17 18:27 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 18:27 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 18:27 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 18:27 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 18:27 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-17 18:27 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-17 18:27 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-17 18:24 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-17 18:23 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-17 18:23 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-04-17 18:23 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-04-17 18:23 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-17 18:23 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-17 18:23 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-04-17 18:23 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-17 18:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-17 18:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-17 18:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-17 18:20 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-17 18:20 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-17 18:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-17 18:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-17 18:19 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-17 18:18 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-17 18:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-17 18:18 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-17 18:18 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-17 18:00 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D83665F-EDDB-4D37-96B0-C1D70BE76DB9}\mpengine.dll
2012-04-16 22:47 . 2001-08-15 17:51 573440 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaipp.dll
2012-04-16 22:47 . 2001-08-15 17:51 155648 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdapml.dll
2012-04-16 22:46 . 2012-04-16 22:49 -------- d-----w- c:\program files (x86)\Common Files\Bentley Shared
2012-04-16 22:46 . 2012-04-16 22:49 -------- d-----w- c:\program files (x86)\Bentley
2012-04-16 22:46 . 2001-09-05 12:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-16 22:46 . 2001-09-05 06:18 77824 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-16 22:46 . 2001-09-05 06:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-16 22:46 . 2001-09-05 06:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-16 22:46 . 2001-09-05 12:06 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-16 21:58 . 2012-04-16 21:58 -------- d-----w- C:\projects
2012-04-16 20:14 . 2012-04-17 19:04 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-16 20:12 . 2012-04-16 20:12 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-04-16 20:11 . 2012-04-22 14:18 -------- d-----w- c:\programdata\Microsoft Help
2012-04-16 20:11 . 2012-04-16 20:11 -------- d-----r- C:\MSOCache
2012-04-16 19:38 . 2012-04-23 14:59 -------- d-----w- C:\xfer
2012-04-16 18:25 . 2012-04-16 18:27 -------- d-----w- c:\programdata\WinZip
2012-04-16 18:00 . 2012-04-16 18:00 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2012-04-16 18:00 . 2011-03-11 00:00 4199768 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-04-16 17:59 . 2012-04-16 18:00 -------- d-----w- c:\program files (x86)\Quicken
2012-04-16 17:59 . 2012-04-16 17:59 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-04-16 17:55 . 2012-04-16 17:55 -------- d-----w- c:\programdata\Intuit
2012-04-16 17:15 . 2012-04-16 17:15 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-16 16:22 . 2012-04-16 16:22 -------- d-----w- c:\program files\Verizon Wireless
2012-04-16 16:22 . 2012-04-16 16:22 -------- d-----w- c:\program files (x86)\Verizon Wireless
2012-04-16 16:19 . 2012-04-16 16:19 -------- d-----w- c:\program files (x86)\Novatel Wireless
2012-04-16 16:19 . 2012-04-16 22:46 -------- d-----w- c:\windows\Downloaded Installations
2012-04-16 15:51 . 2012-04-23 03:50 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-16 15:51 . 2012-04-17 18:06 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2012-04-16 15:51 . 2012-04-17 18:05 -------- d-----w- c:\program files\Symantec
2012-04-16 15:51 . 2012-04-17 18:05 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-16 15:51 . 2012-04-16 15:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-16 15:51 . 2012-04-17 18:07 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-04-16 15:51 . 2012-04-16 23:13 -------- d-----w- c:\programdata\Symantec
2012-04-16 15:51 . 2012-04-16 15:51 -------- d-----w- c:\program files (x86)\Norton 360
2012-04-16 15:51 . 2012-04-17 18:12 -------- d-----w- c:\programdata\Norton
2012-04-16 15:48 . 2012-04-16 15:48 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-16 14:11 . 2012-04-16 14:11 -------- d-----w- C:\westbrook_plats
2012-04-16 14:11 . 2012-04-16 21:11 -------- d-----w- C:\westbrook_blank_docs
2012-04-16 14:11 . 2012-04-16 21:11 -------- d-----w- C:\trips
2012-04-16 14:11 . 2012-04-16 14:11 -------- d-----w- C:\westbrook_ccrs
2012-04-16 14:11 . 2012-04-16 14:11 -------- d-----w- C:\warrensburg
2012-04-16 14:11 . 2012-04-16 14:11 -------- d-----w- C:\vf_hoa
2012-04-16 14:11 . 2012-04-19 21:24 -------- d-----w- C:\social_security
2012-04-16 14:11 . 2012-04-16 21:11 -------- d-----w- C:\star_choice
2012-04-16 14:11 . 2012-04-16 21:11 -------- d-----w- C:\route_20
2012-04-16 14:11 . 2012-04-16 14:11 -------- d-----w- C:\sdsk
2012-04-16 14:10 . 2012-04-16 14:11 -------- d-----w- C:\roof_estimates
2012-04-16 14:10 . 2012-04-16 21:11 -------- d-----w- C:\roof_documents
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 16:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-18 16:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-17 18:10 . 2010-06-24 17:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\N360x64\0300000.087\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-03 1160824]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120420.001\IDSvia64.sys [2012-04-16 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/01/08 03:28];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 22:35 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-28 606720]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-28 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-17 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-10-03 1449984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-23 09:02:07
ComboFix-quarantined-files.txt 2012-04-23 16:02
.
Pre-Run: 652,168,986,624 bytes free
Post-Run: 664,237,211,648 bytes free
.
- - End Of File - - FB6DA057850079BE6A5F4F60C873E2ED


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 31
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````



Awaiting further instructions

#4 nasdaq

  • Malware Response Team

Posted 23 April 2012 - 12:53 PM

The last two logs are also clean.

Any remaining issues?

#5 joshuals

  • Topic Starter

Posted 23 April 2012 - 01:43 PM

There are no remaining issues; however, I would like to restate a question:

The TDSSKiller log below indicates a suspicious issue (note this was run on April 21). Please refer to the next-to-the-last two lines in the log. Do you see a problem with what is shown in this log? Should I have selected "cure" instead of "skip"?

16:27:52.0278 3392 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
16:27:53.0417 3392 ============================================================
16:27:53.0417 3392 Current date / time: 2012/04/21 16:27:53.0417
16:27:53.0417 3392 SystemInfo:
16:27:53.0417 3392
16:27:53.0417 3392 OS Version: 6.1.7601 ServicePack: 1.0
16:27:53.0417 3392 Product type: Workstation
16:27:53.0417 3392 ComputerName: TRISTAR149
16:27:53.0417 3392 UserName: Admin
16:27:53.0417 3392 Windows directory: C:\Windows
16:27:53.0417 3392 System windows directory: C:\Windows
16:27:53.0417 3392 Running under WOW64
16:27:53.0417 3392 Processor architecture: Intel x64
16:27:53.0417 3392 Number of processors: 4
16:27:53.0417 3392 Page size: 0x1000
16:27:53.0417 3392 Boot type: Normal boot
16:27:53.0417 3392 ============================================================
16:27:53.0948 3392 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:53.0963 3392 Drive \Device\Harddisk1\DR1 - Size: 0x3D17C000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:27:53.0963 3392 \Device\Harddisk0\DR0:
16:27:53.0963 3392 MBR partitions:
16:27:53.0963 3392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
16:27:53.0963 3392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x557C76F0
16:27:53.0963 3392 \Device\Harddisk1\DR1:
16:27:53.0979 3392 MBR partitions:
16:27:53.0979 3392 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
16:27:54.0010 3392 C: <-> \Device\Harddisk0\DR0\Partition1
16:27:54.0010 3392 Initialize success
16:27:54.0010 3392 ============================================================
16:27:58.0160 5432 ============================================================
16:27:58.0160 5432 Scan started
16:27:58.0160 5432 Mode: Manual;
16:27:58.0160 5432 ============================================================
16:27:58.0940 5432 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:27:58.0940 5432 1394ohci - ok
16:27:58.0971 5432 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:27:58.0986 5432 ACPI - ok
16:27:59.0002 5432 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:27:59.0002 5432 AcpiPmi - ok
16:27:59.0049 5432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:27:59.0064 5432 adp94xx - ok
16:27:59.0080 5432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:27:59.0080 5432 adpahci - ok
16:27:59.0127 5432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:27:59.0127 5432 adpu320 - ok
16:27:59.0158 5432 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:27:59.0158 5432 AeLookupSvc - ok
16:27:59.0220 5432 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
16:27:59.0236 5432 AESTFilters - ok
16:27:59.0283 5432 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:27:59.0298 5432 AFD - ok
16:27:59.0345 5432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:27:59.0345 5432 agp440 - ok
16:27:59.0392 5432 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:27:59.0392 5432 ALG - ok
16:27:59.0408 5432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:27:59.0423 5432 aliide - ok
16:27:59.0454 5432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:27:59.0454 5432 amdide - ok
16:27:59.0501 5432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:27:59.0501 5432 AmdK8 - ok
16:27:59.0517 5432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:27:59.0517 5432 AmdPPM - ok
16:27:59.0564 5432 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:27:59.0564 5432 amdsata - ok
16:27:59.0595 5432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:27:59.0595 5432 amdsbs - ok
16:27:59.0626 5432 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:27:59.0626 5432 amdxata - ok
16:27:59.0657 5432 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:27:59.0657 5432 AppID - ok
16:27:59.0688 5432 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:27:59.0688 5432 AppIDSvc - ok
16:27:59.0720 5432 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:27:59.0720 5432 Appinfo - ok
16:27:59.0735 5432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:27:59.0735 5432 arc - ok
16:27:59.0766 5432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:27:59.0766 5432 arcsas - ok
16:27:59.0844 5432 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:27:59.0860 5432 aspnet_state - ok
16:27:59.0891 5432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:27:59.0891 5432 AsyncMac - ok
16:27:59.0922 5432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:27:59.0922 5432 atapi - ok
16:27:59.0969 5432 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:28:00.0000 5432 AudioEndpointBuilder - ok
16:28:00.0016 5432 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:28:00.0032 5432 AudioSrv - ok
16:28:00.0078 5432 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:28:00.0078 5432 AxInstSV - ok
16:28:00.0125 5432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:28:00.0125 5432 b06bdrv - ok
16:28:00.0172 5432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:28:00.0188 5432 b57nd60a - ok
16:28:00.0234 5432 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:28:00.0234 5432 BDESVC - ok
16:28:00.0266 5432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:28:00.0266 5432 Beep - ok
16:28:00.0312 5432 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:28:00.0328 5432 BFE - ok
16:28:00.0484 5432 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
16:28:00.0500 5432 BHDrvx64 - ok
16:28:00.0546 5432 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:28:00.0562 5432 BITS - ok
16:28:00.0609 5432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:28:00.0624 5432 blbdrive - ok
16:28:00.0656 5432 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:28:00.0656 5432 bowser - ok
16:28:00.0702 5432 bpenum (86a4289ee7663e0a51f1a523f8466ea2) C:\Windows\system32\DRIVERS\bpenum.sys
16:28:00.0702 5432 bpenum - ok
16:28:00.0734 5432 bpmp (cfaddb7733e91214f04641bca3cc1d06) C:\Windows\system32\DRIVERS\bpmp.sys
16:28:00.0734 5432 bpmp - ok
16:28:00.0765 5432 bpusb (24884464fce06814158752af782a0b18) C:\Windows\system32\Drivers\bpusb.sys
16:28:00.0765 5432 bpusb - ok
16:28:00.0796 5432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:28:00.0796 5432 BrFiltLo - ok
16:28:00.0812 5432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:28:00.0812 5432 BrFiltUp - ok
16:28:00.0858 5432 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:28:00.0858 5432 Browser - ok
16:28:00.0890 5432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:28:00.0905 5432 Brserid - ok
16:28:00.0921 5432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:28:00.0921 5432 BrSerWdm - ok
16:28:00.0936 5432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:28:00.0936 5432 BrUsbMdm - ok
16:28:00.0952 5432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:28:00.0952 5432 BrUsbSer - ok
16:28:01.0014 5432 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:28:01.0014 5432 BthEnum - ok
16:28:01.0030 5432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:28:01.0030 5432 BTHMODEM - ok
16:28:01.0077 5432 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:28:01.0077 5432 BthPan - ok
16:28:01.0124 5432 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:28:01.0139 5432 BTHPORT - ok
16:28:01.0186 5432 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:28:01.0202 5432 bthserv - ok
16:28:01.0233 5432 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:28:01.0233 5432 BTHUSB - ok
16:28:01.0280 5432 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
16:28:01.0280 5432 btusbflt - ok
16:28:01.0311 5432 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
16:28:01.0326 5432 btwaudio - ok
16:28:01.0342 5432 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
16:28:01.0358 5432 btwavdt - ok
16:28:01.0404 5432 btwdins (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:28:01.0436 5432 btwdins - ok
16:28:01.0451 5432 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:28:01.0451 5432 btwl2cap - ok
16:28:01.0467 5432 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
16:28:01.0482 5432 btwrchid - ok
16:28:01.0560 5432 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys
16:28:01.0576 5432 ccSet_N360 - ok
16:28:01.0592 5432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:28:01.0592 5432 cdfs - ok
16:28:01.0638 5432 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:28:01.0654 5432 cdrom - ok
16:28:01.0701 5432 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:28:01.0701 5432 CertPropSvc - ok
16:28:01.0716 5432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:28:01.0732 5432 circlass - ok
16:28:01.0763 5432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:28:01.0763 5432 CLFS - ok
16:28:01.0826 5432 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:28:01.0826 5432 clr_optimization_v2.0.50727_32 - ok
16:28:01.0857 5432 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:28:01.0857 5432 clr_optimization_v2.0.50727_64 - ok
16:28:02.0138 5432 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:28:02.0169 5432 clr_optimization_v4.0.30319_32 - ok
16:28:02.0184 5432 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:28:02.0200 5432 clr_optimization_v4.0.30319_64 - ok
16:28:02.0231 5432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:28:02.0247 5432 CmBatt - ok
16:28:02.0278 5432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:28:02.0278 5432 cmdide - ok
16:28:02.0325 5432 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:28:02.0340 5432 CNG - ok
16:28:02.0372 5432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:28:02.0372 5432 Compbatt - ok
16:28:02.0387 5432 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:28:02.0403 5432 CompositeBus - ok
16:28:02.0418 5432 COMSysApp - ok
16:28:02.0450 5432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:28:02.0450 5432 crcdisk - ok
16:28:02.0496 5432 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:28:02.0496 5432 CryptSvc - ok
16:28:02.0559 5432 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:28:02.0559 5432 CtClsFlt - ok
16:28:02.0606 5432 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:28:02.0621 5432 DcomLaunch - ok
16:28:02.0637 5432 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:28:02.0652 5432 defragsvc - ok
16:28:02.0684 5432 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:28:02.0684 5432 DfsC - ok
16:28:02.0715 5432 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:28:02.0715 5432 Dhcp - ok
16:28:02.0746 5432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:28:02.0762 5432 discache - ok
16:28:02.0777 5432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:28:02.0777 5432 Disk - ok
16:28:02.0824 5432 DMAgent (982d487e4d2d1fcc48a97b102055ece0) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
16:28:02.0840 5432 DMAgent - ok
16:28:02.0871 5432 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:28:02.0871 5432 Dnscache - ok
16:28:02.0933 5432 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
16:28:02.0933 5432 DockLoginService - ok
16:28:02.0964 5432 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:28:02.0980 5432 dot3svc - ok
16:28:02.0996 5432 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:28:03.0011 5432 DPS - ok
16:28:03.0042 5432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:28:03.0058 5432 drmkaud - ok
16:28:03.0105 5432 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:28:03.0105 5432 DXGKrnl - ok
16:28:03.0136 5432 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:28:03.0136 5432 EapHost - ok
16:28:03.0214 5432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:28:03.0370 5432 ebdrv - ok
16:28:03.0464 5432 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:28:03.0464 5432 eeCtrl - ok
16:28:03.0526 5432 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:28:03.0526 5432 EFS - ok
16:28:03.0588 5432 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:28:03.0604 5432 ehRecvr - ok
16:28:03.0620 5432 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:28:03.0620 5432 ehSched - ok
16:28:03.0682 5432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:28:03.0698 5432 elxstor - ok
16:28:03.0760 5432 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:28:03.0760 5432 EraserUtilRebootDrv - ok
16:28:03.0807 5432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:28:03.0807 5432 ErrDev - ok
16:28:03.0854 5432 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:28:03.0869 5432 EventSystem - ok
16:28:03.0978 5432 EvtEng (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:28:03.0994 5432 EvtEng - ok
16:28:04.0072 5432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:28:04.0072 5432 exfat - ok
16:28:04.0103 5432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:28:04.0103 5432 fastfat - ok
16:28:04.0150 5432 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:28:04.0166 5432 Fax - ok
16:28:04.0181 5432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:28:04.0181 5432 fdc - ok
16:28:04.0228 5432 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:28:04.0228 5432 fdPHost - ok
16:28:04.0244 5432 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:28:04.0244 5432 FDResPub - ok
16:28:04.0259 5432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:28:04.0275 5432 FileInfo - ok
16:28:04.0275 5432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:28:04.0275 5432 Filetrace - ok
16:28:04.0306 5432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:28:04.0306 5432 flpydisk - ok
16:28:04.0337 5432 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:28:04.0353 5432 FltMgr - ok
16:28:04.0384 5432 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:28:04.0400 5432 FontCache - ok
16:28:04.0478 5432 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:28:04.0478 5432 FontCache3.0.0.0 - ok
16:28:04.0509 5432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:28:04.0509 5432 FsDepends - ok
16:28:04.0556 5432 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:28:04.0556 5432 Fs_Rec - ok
16:28:04.0587 5432 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:28:04.0587 5432 fvevol - ok
16:28:04.0618 5432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:28:04.0618 5432 gagp30kx - ok
16:28:04.0712 5432 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
16:28:04.0712 5432 GoToAssist - ok
16:28:04.0758 5432 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:28:04.0774 5432 gpsvc - ok
16:28:04.0821 5432 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
16:28:04.0821 5432 grmnusb - ok
16:28:04.0852 5432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:28:04.0852 5432 hcw85cir - ok
16:28:04.0914 5432 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:28:04.0914 5432 HdAudAddService - ok
16:28:04.0946 5432 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:28:04.0946 5432 HDAudBus - ok
16:28:04.0977 5432 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:28:04.0977 5432 HECIx64 - ok
16:28:04.0992 5432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:28:05.0008 5432 HidBatt - ok
16:28:05.0008 5432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:28:05.0008 5432 HidBth - ok
16:28:05.0039 5432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:28:05.0039 5432 HidIr - ok
16:28:05.0070 5432 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:28:05.0070 5432 hidserv - ok
16:28:05.0117 5432 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:28:05.0117 5432 HidUsb - ok
16:28:05.0148 5432 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:28:05.0148 5432 hkmsvc - ok
16:28:05.0195 5432 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:28:05.0195 5432 HomeGroupListener - ok
16:28:05.0226 5432 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:28:05.0226 5432 HomeGroupProvider - ok
16:28:05.0258 5432 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:28:05.0258 5432 HpSAMD - ok
16:28:05.0289 5432 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:28:05.0304 5432 HTTP - ok
16:28:05.0320 5432 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:28:05.0320 5432 hwpolicy - ok
16:28:05.0351 5432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:28:05.0367 5432 i8042prt - ok
16:28:05.0414 5432 iaStor (2064090c9faad92c090d77e50e735b2e) C:\Windows\system32\DRIVERS\iaStor.sys
16:28:05.0414 5432 iaStor - ok
16:28:05.0492 5432 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:28:05.0492 5432 IAStorDataMgrSvc - ok
16:28:05.0554 5432 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:28:05.0570 5432 iaStorV - ok
16:28:05.0648 5432 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:28:05.0648 5432 IDriverT - ok
16:28:05.0726 5432 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:28:05.0741 5432 idsvc - ok
16:28:05.0897 5432 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120420.001\IDSvia64.sys
16:28:05.0913 5432 IDSVia64 - ok
16:28:06.0131 5432 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:28:06.0303 5432 igfx - ok
16:28:06.0365 5432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:28:06.0365 5432 iirsp - ok
16:28:06.0412 5432 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:28:06.0428 5432 IKEEXT - ok
16:28:06.0443 5432 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
16:28:06.0459 5432 Impcd - ok
16:28:06.0490 5432 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:28:06.0490 5432 IntcDAud - ok
16:28:06.0521 5432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:28:06.0521 5432 intelide - ok
16:28:06.0552 5432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:28:06.0552 5432 intelppm - ok
16:28:06.0599 5432 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:28:06.0599 5432 IPBusEnum - ok
16:28:06.0630 5432 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:06.0630 5432 IpFilterDriver - ok
16:28:06.0662 5432 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:28:06.0677 5432 iphlpsvc - ok
16:28:06.0740 5432 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:28:06.0740 5432 IPMIDRV - ok
16:28:06.0786 5432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:28:06.0786 5432 IPNAT - ok
16:28:06.0818 5432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:28:06.0833 5432 IRENUM - ok
16:28:06.0849 5432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:28:06.0864 5432 isapnp - ok
16:28:06.0896 5432 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:28:06.0911 5432 iScsiPrt - ok
16:28:06.0927 5432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:28:06.0927 5432 kbdclass - ok
16:28:06.0958 5432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:28:06.0958 5432 kbdhid - ok
16:28:07.0005 5432 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:07.0005 5432 KeyIso - ok
16:28:07.0020 5432 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:28:07.0020 5432 KSecDD - ok
16:28:07.0052 5432 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:28:07.0052 5432 KSecPkg - ok
16:28:07.0067 5432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:28:07.0067 5432 ksthunk - ok
16:28:07.0098 5432 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:28:07.0114 5432 KtmRm - ok
16:28:07.0161 5432 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:28:07.0176 5432 LanmanServer - ok
16:28:07.0208 5432 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:28:07.0208 5432 LanmanWorkstation - ok
16:28:07.0270 5432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:28:07.0270 5432 lltdio - ok
16:28:07.0301 5432 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:28:07.0317 5432 lltdsvc - ok
16:28:07.0332 5432 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:28:07.0332 5432 lmhosts - ok
16:28:07.0410 5432 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:28:07.0410 5432 LMS - ok
16:28:07.0473 5432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:28:07.0473 5432 LSI_FC - ok
16:28:07.0488 5432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:28:07.0488 5432 LSI_SAS - ok
16:28:07.0520 5432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:28:07.0520 5432 LSI_SAS2 - ok
16:28:07.0551 5432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:28:07.0551 5432 LSI_SCSI - ok
16:28:07.0582 5432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:28:07.0582 5432 luafv - ok
16:28:07.0629 5432 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:28:07.0629 5432 MBAMProtector - ok
16:28:07.0691 5432 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:28:07.0707 5432 MBAMService - ok
16:28:07.0769 5432 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:28:07.0769 5432 Mcx2Svc - ok
16:28:07.0816 5432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:28:07.0816 5432 megasas - ok
16:28:07.0832 5432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:28:07.0847 5432 MegaSR - ok
16:28:07.0878 5432 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:28:07.0878 5432 MMCSS - ok
16:28:07.0894 5432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:28:07.0894 5432 Modem - ok
16:28:07.0910 5432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:28:07.0910 5432 monitor - ok
16:28:07.0956 5432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:28:07.0956 5432 mouclass - ok
16:28:07.0972 5432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:28:07.0972 5432 mouhid - ok
16:28:08.0019 5432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:28:08.0019 5432 mountmgr - ok
16:28:08.0050 5432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:28:08.0050 5432 mpio - ok
16:28:08.0066 5432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:28:08.0066 5432 mpsdrv - ok
16:28:08.0097 5432 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:28:08.0112 5432 MpsSvc - ok
16:28:08.0144 5432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:28:08.0144 5432 MRxDAV - ok
16:28:08.0175 5432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:08.0175 5432 mrxsmb - ok
16:28:08.0206 5432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:08.0206 5432 mrxsmb10 - ok
16:28:08.0237 5432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:08.0237 5432 mrxsmb20 - ok
16:28:08.0253 5432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:28:08.0253 5432 msahci - ok
16:28:08.0300 5432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:28:08.0300 5432 msdsm - ok
16:28:08.0346 5432 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:28:08.0346 5432 MSDTC - ok
16:28:08.0378 5432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:28:08.0393 5432 Msfs - ok
16:28:08.0424 5432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:28:08.0424 5432 mshidkmdf - ok
16:28:08.0440 5432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:28:08.0440 5432 msisadrv - ok
16:28:08.0471 5432 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:28:08.0487 5432 MSiSCSI - ok
16:28:08.0487 5432 msiserver - ok
16:28:08.0534 5432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:28:08.0534 5432 MSKSSRV - ok
16:28:08.0565 5432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:08.0565 5432 MSPCLOCK - ok
16:28:08.0580 5432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:28:08.0580 5432 MSPQM - ok
16:28:08.0627 5432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:28:08.0627 5432 MsRPC - ok
16:28:08.0674 5432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:28:08.0674 5432 mssmbios - ok
16:28:08.0690 5432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:28:08.0690 5432 MSTEE - ok
16:28:08.0705 5432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:28:08.0705 5432 MTConfig - ok
16:28:08.0736 5432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:28:08.0736 5432 Mup - ok
16:28:08.0814 5432 MyWiFiDHCPDNS (a9bc2302fbdf52c8af4e2fc966288d21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:28:08.0830 5432 MyWiFiDHCPDNS - ok
16:28:08.0892 5432 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
16:28:08.0908 5432 N360 - ok
16:28:08.0939 5432 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:28:08.0955 5432 napagent - ok
16:28:09.0002 5432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:28:09.0002 5432 NativeWifiP - ok
16:28:09.0142 5432 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120420.032\ENG64.SYS
16:28:09.0142 5432 NAVENG - ok
16:28:09.0236 5432 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120420.032\EX64.SYS
16:28:09.0251 5432 NAVEX15 - ok
16:28:09.0345 5432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:28:09.0360 5432 NDIS - ok
16:28:09.0392 5432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:09.0392 5432 NdisCap - ok
16:28:09.0423 5432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:09.0423 5432 NdisTapi - ok
16:28:09.0470 5432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:09.0470 5432 Ndisuio - ok
16:28:09.0501 5432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:09.0501 5432 NdisWan - ok
16:28:09.0516 5432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:28:09.0516 5432 NDProxy - ok
16:28:09.0548 5432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:28:09.0548 5432 NetBIOS - ok
16:28:09.0579 5432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:28:09.0594 5432 NetBT - ok
16:28:09.0626 5432 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:09.0626 5432 Netlogon - ok
16:28:09.0657 5432 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:28:09.0672 5432 Netman - ok
16:28:09.0750 5432 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:09.0750 5432 NetMsmqActivator - ok
16:28:09.0766 5432 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:09.0766 5432 NetPipeActivator - ok
16:28:09.0797 5432 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:28:09.0813 5432 netprofm - ok
16:28:09.0813 5432 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:09.0828 5432 NetTcpActivator - ok
16:28:09.0828 5432 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:09.0828 5432 NetTcpPortSharing - ok
16:28:09.0984 5432 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:28:10.0109 5432 NETw5s64 - ok
16:28:10.0156 5432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:28:10.0156 5432 nfrd960 - ok
16:28:10.0203 5432 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:28:10.0218 5432 NlaSvc - ok
16:28:10.0234 5432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:28:10.0234 5432 Npfs - ok
16:28:10.0265 5432 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:28:10.0265 5432 nsi - ok
16:28:10.0281 5432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:28:10.0281 5432 nsiproxy - ok
16:28:10.0328 5432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:28:10.0359 5432 Ntfs - ok
16:28:10.0390 5432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:28:10.0390 5432 Null - ok
16:28:10.0437 5432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:28:10.0437 5432 nvraid - ok
16:28:10.0468 5432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:28:10.0468 5432 nvstor - ok
16:28:10.0530 5432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:28:10.0530 5432 nv_agp - ok
16:28:10.0562 5432 NWADI (952ab3bdef38a7391aa05bc8c6028f15) C:\Windows\system32\DRIVERS\NWADIenum.sys
16:28:10.0562 5432 NWADI - ok
16:28:10.0624 5432 NWUSBCDFIL64 (de3abd010d9734cd4ad4e0ba81f50b63) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
16:28:10.0624 5432 NWUSBCDFIL64 - ok
16:28:10.0671 5432 NWUSBModem (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbmdm.sys
16:28:10.0671 5432 NWUSBModem - ok
16:28:10.0702 5432 NWUSBPort (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbser.sys
16:28:10.0702 5432 NWUSBPort - ok
16:28:10.0718 5432 NWUSBPort2 (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbser2.sys
16:28:10.0733 5432 NWUSBPort2 - ok
16:28:10.0749 5432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:28:10.0749 5432 ohci1394 - ok
16:28:10.0811 5432 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:28:10.0827 5432 ose - ok
16:28:10.0983 5432 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:28:11.0014 5432 osppsvc - ok
16:28:11.0076 5432 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:28:11.0076 5432 p2pimsvc - ok
16:28:11.0108 5432 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:28:11.0108 5432 p2psvc - ok
16:28:11.0154 5432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:28:11.0154 5432 Parport - ok
16:28:11.0201 5432 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:28:11.0201 5432 partmgr - ok
16:28:11.0217 5432 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:28:11.0217 5432 PcaSvc - ok
16:28:11.0248 5432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:28:11.0248 5432 pci - ok
16:28:11.0295 5432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:28:11.0295 5432 pciide - ok
16:28:11.0326 5432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:28:11.0326 5432 pcmcia - ok
16:28:11.0357 5432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:28:11.0357 5432 pcw - ok
16:28:11.0373 5432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:28:11.0388 5432 PEAUTH - ok
16:28:11.0451 5432 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:28:11.0451 5432 PerfHost - ok
16:28:11.0498 5432 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:28:11.0529 5432 pla - ok
16:28:11.0591 5432 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:28:11.0591 5432 PlugPlay - ok
16:28:11.0622 5432 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:28:11.0622 5432 PNRPAutoReg - ok
16:28:11.0654 5432 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:28:11.0654 5432 PNRPsvc - ok
16:28:11.0685 5432 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:28:11.0700 5432 PolicyAgent - ok
16:28:11.0732 5432 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:28:11.0747 5432 Power - ok
16:28:11.0794 5432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:28:11.0794 5432 PptpMiniport - ok
16:28:11.0825 5432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:28:11.0825 5432 Processor - ok
16:28:11.0856 5432 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:28:11.0856 5432 ProfSvc - ok
16:28:11.0888 5432 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:11.0888 5432 ProtectedStorage - ok
16:28:11.0919 5432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:28:11.0934 5432 Psched - ok
16:28:11.0950 5432 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:28:11.0966 5432 PxHlpa64 - ok
16:28:12.0028 5432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:28:12.0059 5432 ql2300 - ok
16:28:12.0090 5432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:28:12.0106 5432 ql40xx - ok
16:28:12.0137 5432 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:28:12.0153 5432 QWAVE - ok
16:28:12.0168 5432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:28:12.0168 5432 QWAVEdrv - ok
16:28:12.0184 5432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:28:12.0184 5432 RasAcd - ok
16:28:12.0200 5432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:12.0200 5432 RasAgileVpn - ok
16:28:12.0215 5432 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:28:12.0231 5432 RasAuto - ok
16:28:12.0262 5432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:12.0262 5432 Rasl2tp - ok
16:28:12.0293 5432 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:28:12.0309 5432 RasMan - ok
16:28:12.0324 5432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:12.0324 5432 RasPppoe - ok
16:28:12.0340 5432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:28:12.0340 5432 RasSstp - ok
16:28:12.0387 5432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:28:12.0387 5432 rdbss - ok
16:28:12.0402 5432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:28:12.0402 5432 rdpbus - ok
16:28:12.0434 5432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:12.0434 5432 RDPCDD - ok
16:28:12.0465 5432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:28:12.0465 5432 RDPENCDD - ok
16:28:12.0480 5432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:28:12.0496 5432 RDPREFMP - ok
16:28:12.0512 5432 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:28:12.0527 5432 RDPWD - ok
16:28:12.0558 5432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:28:12.0574 5432 rdyboost - ok
16:28:12.0652 5432 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:28:12.0652 5432 RegSrvc - ok
16:28:12.0699 5432 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:28:12.0699 5432 RemoteAccess - ok
16:28:12.0730 5432 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:28:12.0746 5432 RemoteRegistry - ok
16:28:12.0792 5432 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:28:12.0808 5432 RFCOMM - ok
16:28:12.0824 5432 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:28:12.0824 5432 RpcEptMapper - ok
16:28:12.0855 5432 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:28:12.0870 5432 RpcLocator - ok
16:28:12.0902 5432 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:28:12.0902 5432 RpcSs - ok
16:28:12.0933 5432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:28:12.0933 5432 rspndr - ok
16:28:12.0980 5432 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
16:28:12.0980 5432 RSUSBSTOR - ok
16:28:13.0011 5432 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:28:13.0011 5432 RTL8167 - ok
16:28:13.0042 5432 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:13.0042 5432 SamSs - ok
16:28:13.0089 5432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:28:13.0089 5432 sbp2port - ok
16:28:13.0167 5432 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:28:13.0182 5432 SBSDWSCService - ok
16:28:13.0198 5432 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:28:13.0214 5432 SCardSvr - ok
16:28:13.0245 5432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:28:13.0245 5432 scfilter - ok
16:28:13.0276 5432 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:28:13.0292 5432 Schedule - ok
16:28:13.0323 5432 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:28:13.0323 5432 SCPolicySvc - ok
16:28:13.0354 5432 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:28:13.0370 5432 SDRSVC - ok
16:28:13.0401 5432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:28:13.0401 5432 secdrv - ok
16:28:13.0432 5432 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:28:13.0432 5432 seclogon - ok
16:28:13.0463 5432 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:28:13.0463 5432 SENS - ok
16:28:13.0479 5432 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:28:13.0479 5432 SensrSvc - ok
16:28:13.0510 5432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:28:13.0510 5432 Serenum - ok
16:28:13.0526 5432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:28:13.0526 5432 Serial - ok
16:28:13.0588 5432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:28:13.0588 5432 sermouse - ok
16:28:13.0635 5432 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:28:13.0650 5432 SessionEnv - ok
16:28:13.0666 5432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:28:13.0682 5432 sffdisk - ok
16:28:13.0682 5432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:28:13.0682 5432 sffp_mmc - ok
16:28:13.0697 5432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:28:13.0697 5432 sffp_sd - ok
16:28:13.0713 5432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:28:13.0728 5432 sfloppy - ok
16:28:13.0806 5432 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:28:13.0806 5432 SftService - ok
16:28:13.0838 5432 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:28:13.0853 5432 SharedAccess - ok
16:28:13.0884 5432 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:28:13.0884 5432 ShellHWDetection - ok
16:28:13.0947 5432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:28:13.0947 5432 SiSRaid2 - ok
16:28:13.0962 5432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:28:13.0962 5432 SiSRaid4 - ok
16:28:13.0978 5432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:28:13.0978 5432 Smb - ok
16:28:14.0040 5432 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:28:14.0040 5432 SNMPTRAP - ok
16:28:14.0072 5432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:28:14.0072 5432 spldr - ok
16:28:14.0103 5432 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:28:14.0103 5432 Spooler - ok
16:28:14.0181 5432 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:28:14.0259 5432 sppsvc - ok
16:28:14.0274 5432 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:28:14.0274 5432 sppuinotify - ok
16:28:14.0368 5432 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\N360x64\0601020.00A\SRTSP64.SYS
16:28:14.0368 5432 SRTSP - ok
16:28:14.0384 5432 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\N360x64\0601020.00A\SRTSPX64.SYS
16:28:14.0384 5432 SRTSPX - ok
16:28:14.0446 5432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:28:14.0446 5432 srv - ok
16:28:14.0477 5432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:28:14.0477 5432 srv2 - ok
16:28:14.0493 5432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:28:14.0508 5432 srvnet - ok
16:28:14.0555 5432 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:28:14.0555 5432 SSDPSRV - ok
16:28:14.0571 5432 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:28:14.0571 5432 SstpSvc - ok
16:28:14.0618 5432 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
16:28:14.0633 5432 STacSV - ok
16:28:14.0649 5432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:28:14.0649 5432 stexstor - ok
16:28:14.0696 5432 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
16:28:14.0711 5432 STHDA - ok
16:28:14.0742 5432 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:28:14.0758 5432 stisvc - ok
16:28:14.0789 5432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:28:14.0789 5432 swenum - ok
16:28:14.0820 5432 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:28:14.0836 5432 swprv - ok
16:28:14.0898 5432 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS
16:28:14.0914 5432 SymDS - ok
16:28:14.0961 5432 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS
16:28:14.0976 5432 SymEFA - ok
16:28:15.0008 5432 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:28:15.0008 5432 SymEvent - ok
16:28:15.0039 5432 SYMFW - ok
16:28:15.0070 5432 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS
16:28:15.0070 5432 SymIRON - ok
16:28:15.0086 5432 SYMNDISV - ok
16:28:15.0132 5432 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS
16:28:15.0148 5432 SymNetS - ok
16:28:15.0179 5432 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
16:28:15.0195 5432 SynTP - ok
16:28:15.0257 5432 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:28:15.0288 5432 SysMain - ok
16:28:15.0320 5432 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:28:15.0320 5432 TabletInputService - ok
16:28:15.0335 5432 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:28:15.0351 5432 TapiSrv - ok
16:28:15.0382 5432 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:28:15.0382 5432 TBS - ok
16:28:15.0444 5432 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:28:15.0476 5432 Tcpip - ok
16:28:15.0538 5432 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:28:15.0554 5432 TCPIP6 - ok
16:28:15.0600 5432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:28:15.0600 5432 tcpipreg - ok
16:28:15.0632 5432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:28:15.0632 5432 TDPIPE - ok
16:28:15.0678 5432 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:28:15.0678 5432 TDTCP - ok
16:28:15.0694 5432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:28:15.0710 5432 tdx - ok
16:28:15.0741 5432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:28:15.0741 5432 TermDD - ok
16:28:15.0772 5432 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:28:15.0788 5432 TermService - ok
16:28:15.0819 5432 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:28:15.0819 5432 Themes - ok
16:28:15.0850 5432 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:28:15.0850 5432 THREADORDER - ok
16:28:15.0850 5432 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:28:15.0866 5432 TrkWks - ok
16:28:15.0897 5432 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:28:15.0897 5432 TrustedInstaller - ok
16:28:15.0928 5432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:28:15.0944 5432 tssecsrv - ok
16:28:15.0975 5432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:28:15.0975 5432 TsUsbFlt - ok
16:28:16.0022 5432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:28:16.0037 5432 tunnel - ok
16:28:16.0053 5432 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
16:28:16.0068 5432 TurboB - ok
16:28:16.0100 5432 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:28:16.0100 5432 TurboBoost - ok
16:28:16.0146 5432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:28:16.0162 5432 uagp35 - ok
16:28:16.0193 5432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:28:16.0193 5432 udfs - ok
16:28:16.0224 5432 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:28:16.0240 5432 UI0Detect - ok
16:28:16.0271 5432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:28:16.0287 5432 uliagpkx - ok
16:28:16.0302 5432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:28:16.0318 5432 umbus - ok
16:28:16.0349 5432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:28:16.0349 5432 UmPass - ok
16:28:16.0474 5432 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:28:16.0505 5432 UNS - ok
16:28:16.0568 5432 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:28:16.0583 5432 upnphost - ok
16:28:16.0614 5432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:28:16.0614 5432 usbccgp - ok
16:28:16.0646 5432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:28:16.0646 5432 usbcir - ok
16:28:16.0677 5432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:28:16.0692 5432 usbehci - ok
16:28:16.0724 5432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:28:16.0724 5432 usbhub - ok
16:28:16.0770 5432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:28:16.0770 5432 usbohci - ok
16:28:16.0802 5432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:28:16.0817 5432 usbprint - ok
16:28:16.0833 5432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:28:16.0848 5432 USBSTOR - ok
16:28:16.0848 5432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:28:16.0864 5432 usbuhci - ok
16:28:16.0895 5432 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:28:16.0895 5432 usbvideo - ok
16:28:16.0926 5432 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:28:16.0926 5432 UxSms - ok
16:28:16.0958 5432 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:16.0958 5432 VaultSvc - ok
16:28:16.0989 5432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:28:16.0989 5432 vdrvroot - ok
16:28:17.0020 5432 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:28:17.0036 5432 vds - ok
16:28:17.0067 5432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:28:17.0067 5432 vga - ok
16:28:17.0082 5432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:28:17.0082 5432 VgaSave - ok
16:28:17.0129 5432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:28:17.0129 5432 vhdmp - ok
16:28:17.0160 5432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:28:17.0160 5432 viaide - ok
16:28:17.0223 5432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:28:17.0223 5432 volmgr - ok
16:28:17.0270 5432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:28:17.0270 5432 volmgrx - ok
16:28:17.0301 5432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:28:17.0301 5432 volsnap - ok
16:28:17.0348 5432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:28:17.0363 5432 vsmraid - ok
16:28:17.0410 5432 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:28:17.0441 5432 VSS - ok
16:28:17.0488 5432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:28:17.0488 5432 vwifibus - ok
16:28:17.0504 5432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:28:17.0504 5432 vwififlt - ok
16:28:17.0519 5432 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:28:17.0519 5432 vwifimp - ok
16:28:17.0566 5432 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:28:17.0582 5432 W32Time - ok
16:28:17.0613 5432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:28:17.0613 5432 WacomPen - ok
16:28:17.0644 5432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:17.0660 5432 WANARP - ok
16:28:17.0660 5432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:28:17.0660 5432 Wanarpv6 - ok
16:28:17.0738 5432 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:28:17.0769 5432 WatAdminSvc - ok
16:28:17.0831 5432 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:28:17.0878 5432 wbengine - ok
16:28:17.0909 5432 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:28:17.0909 5432 WbioSrvc - ok
16:28:19.0625 5432 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
16:28:19.0688 5432 \Device\Harddisk0\DR0 - ok
16:28:19.0703 5432 MBR (0x1B8) (9b4f3db6e31857f19ff5a6b6e45a620e) \Device\Harddisk1\DR1
16:28:19.0703 5432 \Device\Harddisk1\DR1 - ok
16:28:19.0719 5432 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
16:28:19.0719 5432 \Device\Harddisk0\DR0\Partition0 - ok
16:28:19.0734 5432 Boot (0x1200) (02d3c531ac736f85f2d45f0e1fd3f66f) \Device\Harddisk0\DR0\Partition1
16:28:19.0734 5432 \Device\Harddisk0\DR0\Partition1 - ok
16:28:19.0734 5432 Boot (0x1200) (982f93dd7b3fddd13e2a35540f87dfba) \Device\Harddisk1\DR1\Partition0
16:28:19.0750 5432 \Device\Harddisk1\DR1\Partition0 - ok
16:28:19.0750 5432 ============================================================
16:28:19.0750 5432 Scan finished
16:28:19.0750 5432 ============================================================
16:28:19.0750 4860 Detected object count: 0
16:28:19.0750 4860 Actual detected object count: 0
16:28:30.0436 3656 ============================================================
16:28:30.0436 3656 Scan started
16:28:30.0436 3656 Mode: Manual; SigCheck; TDLFS;
16:28:30.0436 3656 ============================================================
16:28:37.0004 3656 DMAgent (982d487e4d2d1fcc48a97b102055ece0) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
16:28:37.0019 3656 DMAgent ( UnsignedFile.Multi.Generic ) - warning
16:28:37.0019 3656 DMAgent - detected UnsignedFile.Multi.Generic (1)
16:28:37.0128 3656 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
16:28:37.0191 3656 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
16:28:37.0191 3656 DockLoginService - detected UnsignedFile.Multi.Generic (1)
16:28:41.0278 3656 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:28:41.0309 3656 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:28:41.0309 3656 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:28:47.0222 3656 NdisWan - ok
16:28:47.0237 3656 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:28:47.0268 3656 NDProxy - ok
16:28:47.0300 3656 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:28:47.0331 3656 NetBIOS - ok
16:28:47.0362 3656 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:28:47.0440 3656 NetBT - ok
16:28:47.0456 3656 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:47.0471 3656 Netlogon - ok
16:28:47.0502 3656 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:28:47.0580 3656 Netman - ok
16:28:47.0643 3656 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:47.0674 3656 NetMsmqActivator - ok
16:28:47.0674 3656 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:47.0690 3656 NetPipeActivator - ok
16:28:47.0752 3656 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:28:47.0830 3656 netprofm - ok
16:28:47.0846 3656 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:47.0861 3656 NetTcpActivator - ok
16:28:47.0861 3656 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:47.0877 3656 NetTcpPortSharing - ok
16:28:48.0017 3656 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:28:48.0126 3656 NETw5s64 - ok
16:28:48.0173 3656 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:28:48.0173 3656 nfrd960 - ok
16:28:48.0220 3656 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:28:48.0267 3656 NlaSvc - ok
16:28:48.0282 3656 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:28:48.0314 3656 Npfs - ok
16:28:48.0345 3656 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:28:48.0376 3656 nsi - ok
16:28:48.0392 3656 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:28:48.0438 3656 nsiproxy - ok
16:28:48.0485 3656 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:28:48.0516 3656 Ntfs - ok
16:28:48.0532 3656 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:28:48.0610 3656 Null - ok
16:28:48.0657 3656 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:28:48.0672 3656 nvraid - ok
16:28:48.0704 3656 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:28:48.0719 3656 nvstor - ok
16:28:48.0766 3656 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:28:48.0797 3656 nv_agp - ok
16:28:48.0828 3656 NWADI (952ab3bdef38a7391aa05bc8c6028f15) C:\Windows\system32\DRIVERS\NWADIenum.sys
16:28:48.0875 3656 NWADI - ok
16:28:48.0906 3656 NWUSBCDFIL64 (de3abd010d9734cd4ad4e0ba81f50b63) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
16:28:48.0984 3656 NWUSBCDFIL64 - ok
16:28:49.0000 3656 NWUSBModem (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbmdm.sys
16:28:49.0078 3656 NWUSBModem - ok
16:28:49.0125 3656 NWUSBPort (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbser.sys
16:28:49.0156 3656 NWUSBPort - ok
16:28:49.0172 3656 NWUSBPort2 (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbser2.sys
16:28:49.0187 3656 NWUSBPort2 - ok
16:28:49.0218 3656 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:28:49.0265 3656 ohci1394 - ok
16:28:49.0343 3656 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:28:49.0359 3656 ose - ok
16:28:49.0484 3656 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:28:49.0562 3656 osppsvc - ok
16:28:49.0624 3656 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:28:49.0655 3656 p2pimsvc - ok
16:28:49.0686 3656 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:28:49.0733 3656 p2psvc - ok
16:28:49.0780 3656 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:28:49.0811 3656 Parport - ok
16:28:49.0827 3656 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:28:49.0858 3656 partmgr - ok
16:28:49.0874 3656 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:28:49.0920 3656 PcaSvc - ok
16:28:49.0952 3656 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:28:49.0983 3656 pci - ok
16:28:50.0014 3656 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:28:50.0030 3656 pciide - ok
16:28:50.0061 3656 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:28:50.0076 3656 pcmcia - ok
16:28:50.0092 3656 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:28:50.0108 3656 pcw - ok
16:28:50.0123 3656 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:28:50.0170 3656 PEAUTH - ok
16:28:50.0217 3656 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:28:50.0232 3656 PerfHost - ok
16:28:50.0295 3656 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:28:50.0388 3656 pla - ok
16:28:50.0420 3656 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:28:50.0451 3656 PlugPlay - ok
16:28:50.0482 3656 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:28:50.0498 3656 PNRPAutoReg - ok
16:28:50.0529 3656 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:28:50.0544 3656 PNRPsvc - ok
16:28:50.0576 3656 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:28:50.0622 3656 PolicyAgent - ok
16:28:50.0654 3656 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:28:50.0700 3656 Power - ok
16:28:50.0747 3656 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:28:50.0810 3656 PptpMiniport - ok
16:28:50.0841 3656 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:28:50.0872 3656 Processor - ok
16:28:50.0888 3656 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:28:50.0950 3656 ProfSvc - ok
16:28:50.0997 3656 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:50.0997 3656 ProtectedStorage - ok
16:28:51.0044 3656 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:28:51.0106 3656 Psched - ok
16:28:51.0137 3656 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:28:51.0153 3656 PxHlpa64 - ok
16:28:51.0215 3656 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:28:51.0246 3656 ql2300 - ok
16:28:51.0262 3656 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:28:51.0278 3656 ql40xx - ok
16:28:51.0309 3656 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:28:51.0340 3656 QWAVE - ok
16:28:51.0356 3656 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:28:51.0387 3656 QWAVEdrv - ok
16:28:51.0402 3656 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:28:51.0434 3656 RasAcd - ok
16:28:51.0465 3656 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:51.0496 3656 RasAgileVpn - ok
16:28:51.0512 3656 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:28:51.0543 3656 RasAuto - ok
16:28:51.0574 3656 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:51.0636 3656 Rasl2tp - ok
16:28:51.0652 3656 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:28:51.0699 3656 RasMan - ok
16:28:51.0730 3656 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:51.0777 3656 RasPppoe - ok
16:28:51.0792 3656 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:28:51.0839 3656 RasSstp - ok
16:28:51.0870 3656 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:28:51.0933 3656 rdbss - ok
16:28:51.0948 3656 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:28:51.0964 3656 rdpbus - ok
16:28:51.0995 3656 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:52.0058 3656 RDPCDD - ok
16:28:52.0073 3656 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:28:52.0120 3656 RDPENCDD - ok
16:28:52.0151 3656 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:28:52.0182 3656 RDPREFMP - ok
16:28:52.0198 3656 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:28:52.0245 3656 RDPWD - ok
16:28:52.0276 3656 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:28:52.0307 3656 rdyboost - ok
16:28:52.0354 3656 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:28:52.0385 3656 RegSrvc - ok
16:28:52.0416 3656 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:28:52.0463 3656 RemoteAccess - ok
16:28:52.0494 3656 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:28:52.0557 3656 RemoteRegistry - ok
16:28:52.0588 3656 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:28:52.0635 3656 RFCOMM - ok
16:28:52.0635 3656 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:28:52.0697 3656 RpcEptMapper - ok
16:28:52.0728 3656 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:28:52.0760 3656 RpcLocator - ok
16:28:52.0791 3656 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:28:52.0838 3656 RpcSs - ok
16:28:52.0869 3656 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:28:52.0931 3656 rspndr - ok
16:28:52.0962 3656 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
16:28:52.0978 3656 RSUSBSTOR - ok
16:28:52.0994 3656 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:28:53.0009 3656 RTL8167 - ok
16:28:53.0040 3656 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:53.0056 3656 SamSs - ok
16:28:53.0087 3656 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:28:53.0103 3656 sbp2port - ok
16:28:53.0165 3656 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:28:53.0196 3656 SBSDWSCService - ok
16:28:53.0228 3656 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:28:53.0274 3656 SCardSvr - ok
16:28:53.0306 3656 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:28:53.0368 3656 scfilter - ok
16:28:53.0399 3656 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:28:53.0462 3656 Schedule - ok
16:28:53.0493 3656 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:28:53.0524 3656 SCPolicySvc - ok
16:28:53.0540 3656 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:28:53.0586 3656 SDRSVC - ok
16:28:53.0618 3656 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:28:53.0664 3656 secdrv - ok
16:28:53.0680 3656 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:28:53.0742 3656 seclogon - ok
16:28:53.0774 3656 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:28:53.0836 3656 SENS - ok
16:28:53.0852 3656 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:28:53.0883 3656 SensrSvc - ok
16:28:53.0930 3656 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:28:53.0961 3656 Serenum - ok
16:28:53.0976 3656 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:28:53.0992 3656 Serial - ok
16:28:54.0039 3656 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:28:54.0054 3656 sermouse - ok
16:28:54.0101 3656 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:28:54.0164 3656 SessionEnv - ok
16:28:54.0195 3656 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:28:54.0242 3656 sffdisk - ok
16:28:54.0257 3656 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:28:54.0273 3656 sffp_mmc - ok
16:28:54.0288 3656 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:28:54.0304 3656 sffp_sd - ok
16:28:54.0320 3656 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:28:54.0366 3656 sfloppy - ok
16:28:54.0429 3656 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:28:54.0460 3656 SftService - ok
16:28:54.0522 3656 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:28:54.0585 3656 SharedAccess - ok
16:28:54.0616 3656 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:28:54.0678 3656 ShellHWDetection - ok
16:28:54.0725 3656 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:28:54.0756 3656 SiSRaid2 - ok
16:28:54.0756 3656 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:28:54.0772 3656 SiSRaid4 - ok
16:28:54.0788 3656 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:28:54.0834 3656 Smb - ok
16:28:54.0866 3656 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:28:54.0897 3656 SNMPTRAP - ok
16:28:54.0912 3656 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:28:54.0928 3656 spldr - ok
16:28:54.0959 3656 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:28:55.0022 3656 Spooler - ok
16:28:55.0100 3656 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:28:55.0209 3656 sppsvc - ok
16:28:55.0240 3656 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:28:55.0318 3656 sppuinotify - ok
16:28:55.0412 3656 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\N360x64\0601020.00A\SRTSP64.SYS
16:28:55.0458 3656 SRTSP - ok
16:28:55.0474 3656 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\N360x64\0601020.00A\SRTSPX64.SYS
16:28:55.0474 3656 SRTSPX - ok
16:28:55.0505 3656 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:28:55.0552 3656 srv - ok
16:28:55.0583 3656 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:28:55.0614 3656 srv2 - ok
16:28:55.0630 3656 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:28:55.0661 3656 srvnet - ok
16:28:55.0692 3656 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:28:55.0755 3656 SSDPSRV - ok
16:28:55.0770 3656 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:28:55.0817 3656 SstpSvc - ok
16:28:55.0880 3656 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
16:28:55.0911 3656 STacSV - ok
16:28:55.0973 3656 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:28:55.0989 3656 stexstor - ok
16:28:56.0020 3656 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
16:28:56.0051 3656 STHDA - ok
16:28:56.0082 3656 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:28:56.0129 3656 stisvc - ok
16:28:56.0160 3656 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:28:56.0160 3656 swenum - ok
16:28:56.0192 3656 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:28:56.0270 3656 swprv - ok
16:28:56.0332 3656 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS
16:28:56.0348 3656 SymDS - ok
16:28:56.0379 3656 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS
16:28:56.0394 3656 SymEFA - ok
16:28:56.0426 3656 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:28:56.0441 3656 SymEvent - ok
16:28:56.0457 3656 SYMFW - ok
16:28:56.0488 3656 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS
16:28:56.0519 3656 SymIRON - ok
16:28:56.0535 3656 SYMNDISV - ok
16:28:56.0550 3656 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMNETS.SYS
16:28:56.0566 3656 SymNetS - ok
16:28:56.0597 3656 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
16:28:56.0613 3656 SynTP - ok
16:28:56.0660 3656 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:28:56.0722 3656 SysMain - ok
16:28:56.0738 3656 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:28:56.0784 3656 TabletInputService - ok
16:28:56.0816 3656 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:28:56.0878 3656 TapiSrv - ok
16:28:56.0909 3656 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:28:56.0972 3656 TBS - ok
16:28:57.0050 3656 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:28:57.0096 3656 Tcpip - ok
16:28:57.0143 3656 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:28:57.0206 3656 TCPIP6 - ok
16:28:57.0221 3656 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:28:57.0252 3656 tcpipreg - ok
16:28:57.0284 3656 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:28:57.0315 3656 TDPIPE - ok
16:28:57.0346 3656 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:28:57.0393 3656 TDTCP - ok
16:28:57.0424 3656 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:28:57.0486 3656 tdx - ok
16:28:57.0518 3656 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:28:57.0533 3656 TermDD - ok
16:28:57.0564 3656 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:28:57.0642 3656 TermService - ok
16:28:57.0674 3656 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:28:57.0705 3656 Themes - ok
16:28:57.0736 3656 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:28:57.0783 3656 THREADORDER - ok
16:28:57.0783 3656 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:28:57.0830 3656 TrkWks - ok
16:28:57.0876 3656 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:28:57.0939 3656 TrustedInstaller - ok
16:28:57.0970 3656 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:28:58.0048 3656 tssecsrv - ok
16:28:58.0079 3656 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:28:58.0126 3656 TsUsbFlt - ok
16:28:58.0157 3656 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:28:58.0220 3656 tunnel - ok
16:28:58.0266 3656 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
16:28:58.0282 3656 TurboB - ok
16:28:58.0313 3656 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:28:58.0329 3656 TurboBoost - ok
16:28:58.0360 3656 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:28:58.0376 3656 uagp35 - ok
16:28:58.0407 3656 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:28:58.0485 3656 udfs - ok
16:28:58.0516 3656 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:28:58.0532 3656 UI0Detect - ok
16:28:58.0578 3656 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:28:58.0594 3656 uliagpkx - ok
16:28:58.0625 3656 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:28:58.0656 3656 umbus - ok
16:28:58.0688 3656 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:28:58.0719 3656 UmPass - ok
16:28:58.0828 3656 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:28:58.0875 3656 UNS - ok
16:28:58.0906 3656 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:28:58.0968 3656 upnphost - ok
16:28:59.0015 3656 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:28:59.0062 3656 usbccgp - ok
16:28:59.0109 3656 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:28:59.0156 3656 usbcir - ok
16:28:59.0187 3656 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:28:59.0218 3656 usbehci - ok
16:28:59.0234 3656 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:28:59.0280 3656 usbhub - ok
16:28:59.0312 3656 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:28:59.0343 3656 usbohci - ok
16:28:59.0390 3656 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:28:59.0421 3656 usbprint - ok
16:28:59.0452 3656 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:28:59.0483 3656 USBSTOR - ok
16:28:59.0514 3656 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:28:59.0546 3656 usbuhci - ok
16:28:59.0577 3656 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:28:59.0608 3656 usbvideo - ok
16:28:59.0639 3656 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:28:59.0702 3656 UxSms - ok
16:28:59.0733 3656 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:28:59.0733 3656 VaultSvc - ok
16:28:59.0764 3656 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:28:59.0795 3656 vdrvroot - ok
16:28:59.0826 3656 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:28:59.0889 3656 vds - ok
16:28:59.0904 3656 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:28:59.0936 3656 vga - ok
16:28:59.0982 3656 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:29:00.0045 3656 VgaSave - ok
16:29:00.0076 3656 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:29:00.0107 3656 vhdmp - ok
16:29:00.0138 3656 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:29:00.0170 3656 viaide - ok
16:29:00.0201 3656 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:29:00.0216 3656 volmgr - ok
16:29:00.0248 3656 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:29:00.0279 3656 volmgrx - ok
16:29:00.0294 3656 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:29:00.0326 3656 volsnap - ok
16:29:00.0372 3656 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:29:00.0404 3656 vsmraid - ok
16:29:00.0450 3656 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:29:00.0513 3656 VSS - ok
16:29:00.0560 3656 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:29:00.0591 3656 vwifibus - ok
16:29:00.0591 3656 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:29:00.0622 3656 vwififlt - ok
16:29:00.0622 3656 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:29:00.0638 3656 vwifimp - ok
16:29:00.0684 3656 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:29:00.0747 3656 W32Time - ok
16:29:00.0762 3656 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:29:00.0778 3656 WacomPen - ok
16:29:00.0809 3656 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:00.0887 3656 WANARP - ok
16:29:00.0887 3656 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:00.0918 3656 Wanarpv6 - ok
16:29:00.0981 3656 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:29:01.0012 3656 WatAdminSvc - ok
16:29:01.0074 3656 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:29:01.0106 3656 wbengine - ok
16:29:01.0152 3656 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:29:01.0184 3656 WbioSrvc - ok
16:29:01.0199 3656 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:29:01.0246 3656 wcncsvc - ok
16:29:01.0262 3656 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:29:01.0293 3656 WcsPlugInService - ok
16:29:01.0340 3656 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:29:01.0371 3656 Wd - ok
16:29:01.0402 3656 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:29:01.0433 3656 Wdf01000 - ok
16:29:01.0449 3656 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:29:01.0527 3656 WdiServiceHost - ok
16:29:01.0542 3656 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:29:01.0558 3656 WdiSystemHost - ok
16:29:01.0589 3656 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:29:01.0636 3656 WebClient - ok
16:29:01.0652 3656 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:29:01.0714 3656 Wecsvc - ok
16:29:01.0714 3656 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:29:01.0761 3656 wercplsupport - ok
16:29:01.0761 3656 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:29:01.0808 3656 WerSvc - ok
16:29:01.0854 3656 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:29:01.0917 3656 WfpLwf - ok
16:29:01.0979 3656 WiMAXAppSrv (221780b6c152fb24881638defeff4305) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
16:29:02.0010 3656 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - warning
16:29:02.0010 3656 WiMAXAppSrv - detected UnsignedFile.Multi.Generic (1)
16:29:03.0789 3656 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
16:29:03.0960 3656 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:29:03.0960 3656 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:29:03.0960 3656 MBR (0x1B8) (9b4f3db6e31857f19ff5a6b6e45a620e) \Device\Harddisk1\DR1
16:29:04.0148 3656 \Device\Harddisk1\DR1 - ok
16:29:04.0148 3656 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
16:29:04.0148 3656 \Device\Harddisk0\DR0\Partition0 - ok
16:29:04.0194 3656 Boot (0x1200) (02d3c531ac736f85f2d45f0e1fd3f66f) \Device\Harddisk0\DR0\Partition1
16:29:04.0194 3656 \Device\Harddisk0\DR0\Partition1 - ok
16:29:04.0194 3656 Boot (0x1200) (982f93dd7b3fddd13e2a35540f87dfba) \Device\Harddisk1\DR1\Partition0
16:29:04.0194 3656 \Device\Harddisk1\DR1\Partition0 - ok
16:29:04.0194 3656 ============================================================
16:29:04.0194 3656 Scan finished
16:29:04.0194 3656 ============================================================
16:29:04.0210 1472 Detected object count: 5
16:29:04.0210 1472 Actual detected object count: 5
16:29:11.0058 1472 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0058 1472 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:11.0058 1472 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0058 1472 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:11.0074 1472 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0074 1472 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:11.0074 1472 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0074 1472 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:11.0074 1472 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:29:11.0074 1472 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:29:13.0367 5524 Deinitialize success

#6 joshuals

Posted 24 April 2012 - 09:03 AM

Bonjour nasdaq

Since my last post:

Computer operating normally
Norton 360 running
Malwarebytes pay version running
Adobe Flash Player requested to update: refused update until I hear from you
Malwarebytes updated automatically to latest definitions

#7 nasdaq

Posted 24 April 2012 - 12:27 PM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Now that you have a new System Restore point get the latest Adobe reader.

#8 joshuals

Posted 24 April 2012 - 12:37 PM

Following your instructions above re: ComboFix results in the following message:

Windows cannot find ComboFix. Make sure you typed the name correctly and then try again.

Did not proceed further.

Note I do not have Adobe Reader Installed at this time. I have the full version of Adobe X, Version 10.1.3

Edited by joshuals, 24 April 2012 - 01:05 PM.


#9 joshuals

Posted 24 April 2012 - 12:40 PM

I bet I need to be in the account with Administrator Privileges....let me try that....be right back

#10 joshuals

Posted 24 April 2012 - 12:58 PM

OK.....I was able to delete ComboFix when logged into the account w/ Administrator Privileges, but the uninstall warned me to shut off the Norton360, so:

(1) Shut off both antivirus & firewall for 5 hours by right clicking on icon
(2) Launched Norton360 from Start Menu and unchecked all boxes, disabling everything
(3) Clicked on OK in ComboFix message box that instructed me to turn off Norton360, and message came up stating it still thought Norton Scanner was running, but that ComboFix would run at my own risk
(4) ComboFix uninstalled successfully
(5) Deleted DDS from Desktop

I proceeded no further, as we have not reversed the effect of defogger, have we?????

The following apps still exist
(1) Defogger
(2) TDSSK

Waiting on further instruction before proceeding further

Edited by joshuals, 24 April 2012 - 01:06 PM.


#11 joshuals

Posted 24 April 2012 - 01:04 PM

Further note....I have allowed Norton360 to re-enable. If I need to disable it before proceeding with your next instruction, please advise.....

#12 nasdaq

Posted 25 April 2012 - 07:01 AM

HOW TO: Enable the CD Emulators...

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Delete the TDSSKiller tool.

#13 joshuals

Posted 25 April 2012 - 09:59 AM

In following your instructions above, clicking Re-Enable in Defogger results in an error message

"Defogger Error: Unable to find the file"

A Defogger_Enable file was created but it has zero bytes and no text that I can copy/paste.

Did not proceed any further. Computer otherwise running normally

Edited by joshuals, 25 April 2012 - 10:30 AM.


#14 nasdaq

Posted 25 April 2012 - 10:47 AM

You should be ok. I will keep this topic open for 5 days.

#15 joshuals

Posted 25 April 2012 - 10:59 AM

Should I delete the following files from the desktop?

(1) Defogger.exe
(2) Defogger_Disable.log
(3) TDSSDKiller.exe

Should I delete the following file from c:\users\?

(1) Defogger_Enable.log (zero bytes)



