
HJT Log file


11 replies to this topic

#1 pnbsoup

Posted 18 July 2012 - 08:56 AM


Was wondering if someone would be kind enough to look at my HJT log below...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:04 AM, on 7/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Voltage Security\VSManager2.exe
C:\Program Files\Common Files\Voltage Security\VSAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Voltage Encryption Manager.lnk = C:\Program Files\Common Files\Voltage Security\VSManager2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.harleysvillegroup.com
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://accesscl.harleysvillegroup.com/aqs.advantage.client/system/CAB/iemenu.cab
O18 - Filter: application/x-vs-authtoken - {1F17617E-C296-4C16-89E3-E22C6C454645} - C:\Program Files\Common Files\Voltage Security\VSTokenHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\system32\atashost.exe
O23 - Service: Fantapper Player Update Service (FTSvc) - Brand Affinity Technologies - C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 8652 bytes

Thanks I appreciate any information...



 


#2 CatByte

  • Malware Response Team

Posted 18 July 2012 - 04:17 PM

HJT doesn't give us enough information anymore; we need a more thorough set of logs. But you haven't said what is wrong with your computer. What symptoms are you experiencing?

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 pnbsoup


Posted 19 July 2012 - 09:49 AM

CatByte -
Thanks for looking into my scan...I keep getting pop-up windows...Below are my logs...

TDSS Killer -
10:44:36.0322 5684 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:44:36.0587 5684 ============================================================
10:44:36.0587 5684 Current date / time: 2012/07/19 10:44:36.0587
10:44:36.0587 5684 SystemInfo:
10:44:36.0587 5684
10:44:36.0587 5684 OS Version: 6.1.7601 ServicePack: 1.0
10:44:36.0587 5684 Product type: Workstation
10:44:36.0587 5684 ComputerName: CK-1211-1
10:44:36.0587 5684 UserName: End User
10:44:36.0587 5684 Windows directory: C:\Windows
10:44:36.0587 5684 System windows directory: C:\Windows
10:44:36.0587 5684 Processor architecture: Intel x86
10:44:36.0587 5684 Number of processors: 2
10:44:36.0587 5684 Page size: 0x1000
10:44:36.0587 5684 Boot type: Normal boot
10:44:36.0587 5684 ============================================================
10:44:37.0637 5684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:44:37.0656 5684 ============================================================
10:44:37.0656 5684 \Device\Harddisk0\DR0:
10:44:37.0656 5684 MBR partitions:
10:44:37.0656 5684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:44:37.0656 5684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
10:44:37.0656 5684 ============================================================
10:44:37.0674 5684 C: <-> \Device\Harddisk0\DR0\Partition1
10:44:37.0674 5684 ============================================================
10:44:37.0674 5684 Initialize success
10:44:37.0674 5684 ============================================================
10:45:09.0146 0472 ============================================================
10:45:09.0146 0472 Scan started
10:45:09.0146 0472 Mode: Manual; TDLFS;
10:45:09.0146 0472 ============================================================
10:45:16.0235 0472 KeyIso - ok
10:45:16.0275 0472 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
10:45:16.0276 0472 KSecDD - ok
10:45:16.0308 0472 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
10:45:16.0310 0472 KSecPkg - ok
10:45:16.0343 0472 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:45:16.0356 0472 KtmRm - ok
10:45:16.0397 0472 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:45:16.0406 0472 LanmanServer - ok
10:45:16.0419 0472 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:45:16.0423 0472 LanmanWorkstation - ok
10:45:16.0455 0472 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:45:16.0457 0472 lltdio - ok
10:45:16.0489 0472 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:45:16.0497 0472 lltdsvc - ok
10:45:16.0513 0472 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:45:16.0515 0472 lmhosts - ok
10:45:16.0594 0472 LMS (af7090488db99607d5aadea6298acc54) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:45:16.0615 0472 LMS - ok
10:45:16.0641 0472 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
10:45:16.0643 0472 LSI_FC - ok
10:45:16.0671 0472 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
10:45:16.0673 0472 LSI_SAS - ok
10:45:16.0690 0472 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
10:45:16.0691 0472 LSI_SAS2 - ok
10:45:16.0711 0472 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
10:45:16.0713 0472 LSI_SCSI - ok
10:45:16.0737 0472 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:45:16.0738 0472 luafv - ok
10:45:16.0768 0472 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:45:16.0772 0472 Mcx2Svc - ok
10:45:16.0781 0472 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
10:45:16.0782 0472 megasas - ok
10:45:16.0807 0472 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
10:45:16.0814 0472 MegaSR - ok
10:45:16.0835 0472 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
10:45:16.0836 0472 MEI - ok
10:45:16.0856 0472 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:45:16.0859 0472 MMCSS - ok
10:45:16.0870 0472 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:45:16.0871 0472 Modem - ok
10:45:16.0883 0472 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:45:16.0885 0472 monitor - ok
10:45:16.0902 0472 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:45:16.0903 0472 mouclass - ok
10:45:16.0907 0472 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:45:16.0908 0472 mouhid - ok
10:45:16.0918 0472 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:45:16.0920 0472 mountmgr - ok
10:45:17.0007 0472 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:45:17.0010 0472 MozillaMaintenance - ok
10:45:17.0029 0472 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:45:17.0030 0472 mpio - ok
10:45:17.0044 0472 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:45:17.0046 0472 mpsdrv - ok
10:45:17.0080 0472 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:45:17.0088 0472 MpsSvc - ok
10:45:17.0107 0472 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:45:17.0108 0472 MRxDAV - ok
10:45:17.0150 0472 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:45:17.0151 0472 mrxsmb - ok
10:45:17.0165 0472 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:45:17.0174 0472 mrxsmb10 - ok
10:45:17.0191 0472 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:45:17.0192 0472 mrxsmb20 - ok
10:45:17.0200 0472 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:45:17.0201 0472 msahci - ok
10:45:17.0224 0472 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:45:17.0225 0472 msdsm - ok
10:45:17.0245 0472 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:45:17.0248 0472 MSDTC - ok
10:45:17.0268 0472 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:45:17.0269 0472 Msfs - ok
10:45:17.0281 0472 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:45:17.0283 0472 mshidkmdf - ok
10:45:17.0295 0472 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:45:17.0295 0472 msisadrv - ok
10:45:17.0352 0472 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:45:17.0356 0472 MSiSCSI - ok
10:45:17.0360 0472 msiserver - ok
10:45:17.0374 0472 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:45:17.0376 0472 MSKSSRV - ok
10:45:17.0391 0472 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:45:17.0393 0472 MSPCLOCK - ok
10:45:17.0405 0472 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:45:17.0406 0472 MSPQM - ok
10:45:17.0426 0472 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:45:17.0429 0472 MsRPC - ok
10:45:17.0441 0472 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
10:45:17.0441 0472 mssmbios - ok
10:45:17.0453 0472 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:45:17.0454 0472 MSTEE - ok
10:45:17.0460 0472 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
10:45:17.0462 0472 MTConfig - ok
10:45:17.0475 0472 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:45:17.0477 0472 Mup - ok
10:45:17.0517 0472 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:45:17.0530 0472 napagent - ok
10:45:17.0566 0472 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:45:17.0572 0472 NativeWifiP - ok
10:45:17.0648 0472 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
10:45:17.0651 0472 NAV - ok
10:45:17.0761 0472 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120718.034\NAVENG.SYS
10:45:17.0762 0472 NAVENG - ok
10:45:17.0843 0472 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120718.034\NAVEX15.SYS
10:45:17.0876 0472 NAVEX15 - ok
10:45:17.0991 0472 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:45:18.0001 0472 NDIS - ok
10:45:18.0024 0472 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:45:18.0026 0472 NdisCap - ok
10:45:18.0052 0472 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:45:18.0054 0472 NdisTapi - ok
10:45:18.0080 0472 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:45:18.0082 0472 Ndisuio - ok
10:45:18.0104 0472 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:45:18.0107 0472 NdisWan - ok
10:45:18.0120 0472 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:45:18.0123 0472 NDProxy - ok
10:45:18.0180 0472 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
10:45:18.0182 0472 Net Driver HPZ12 - ok
10:45:18.0194 0472 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:45:18.0196 0472 NetBIOS - ok
10:45:18.0215 0472 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:45:18.0224 0472 NetBT - ok
10:45:18.0249 0472 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:45:18.0251 0472 Netlogon - ok
10:45:18.0294 0472 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:45:18.0308 0472 Netman - ok
10:45:18.0327 0472 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:45:18.0334 0472 netprofm - ok
10:45:18.0405 0472 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:45:18.0408 0472 NetTcpPortSharing - ok
10:45:18.0437 0472 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
10:45:18.0439 0472 nfrd960 - ok
10:45:18.0463 0472 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:45:18.0503 0472 NlaSvc - ok
10:45:18.0538 0472 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:45:18.0540 0472 Npfs - ok
10:45:18.0547 0472 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:45:18.0550 0472 nsi - ok
10:45:18.0562 0472 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:45:18.0563 0472 nsiproxy - ok
10:45:18.0636 0472 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:45:18.0654 0472 Ntfs - ok
10:45:18.0665 0472 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:45:18.0666 0472 Null - ok
10:45:18.0695 0472 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:45:18.0698 0472 nvraid - ok
10:45:18.0720 0472 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:45:18.0723 0472 nvstor - ok
10:45:18.0743 0472 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:45:18.0746 0472 nv_agp - ok
10:45:18.0762 0472 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:45:18.0764 0472 ohci1394 - ok
10:45:18.0823 0472 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:45:18.0827 0472 ose - ok
10:45:19.0023 0472 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:45:19.0090 0472 osppsvc - ok
10:45:19.0184 0472 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:45:19.0189 0472 p2pimsvc - ok
10:45:19.0215 0472 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:45:19.0228 0472 p2psvc - ok
10:45:19.0255 0472 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:45:19.0257 0472 Parport - ok
10:45:19.0284 0472 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:45:19.0286 0472 partmgr - ok
10:45:19.0297 0472 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:45:19.0299 0472 Parvdm - ok
10:45:19.0312 0472 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:45:19.0315 0472 PcaSvc - ok
10:45:19.0335 0472 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:45:19.0338 0472 pci - ok
10:45:19.0350 0472 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:45:19.0352 0472 pciide - ok
10:45:19.0370 0472 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
10:45:19.0373 0472 pcmcia - ok
10:45:19.0387 0472 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:45:19.0389 0472 pcw - ok
10:45:19.0426 0472 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:45:19.0433 0472 PEAUTH - ok
10:45:19.0518 0472 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:45:19.0552 0472 pla - ok
10:45:19.0665 0472 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:45:19.0679 0472 PlugPlay - ok
10:45:19.0742 0472 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
10:45:19.0745 0472 Pml Driver HPZ12 - ok
10:45:19.0764 0472 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:45:19.0769 0472 PNRPAutoReg - ok
10:45:19.0794 0472 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:45:19.0798 0472 PNRPsvc - ok
10:45:19.0846 0472 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:45:19.0858 0472 PolicyAgent - ok
10:45:19.0888 0472 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:45:19.0892 0472 Power - ok
10:45:19.0954 0472 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:45:19.0957 0472 PptpMiniport - ok
10:45:19.0971 0472 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
10:45:19.0973 0472 Processor - ok
10:45:20.0011 0472 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
10:45:20.0020 0472 ProfSvc - ok
10:45:20.0049 0472 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:45:20.0051 0472 ProtectedStorage - ok
10:45:20.0090 0472 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:45:20.0092 0472 Psched - ok
10:45:20.0168 0472 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
10:45:20.0189 0472 ql2300 - ok
10:45:20.0273 0472 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
10:45:20.0276 0472 ql40xx - ok
10:45:20.0310 0472 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:45:20.0319 0472 QWAVE - ok
10:45:20.0331 0472 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:45:20.0333 0472 QWAVEdrv - ok
10:45:20.0343 0472 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:45:20.0345 0472 RasAcd - ok
10:45:20.0381 0472 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:45:20.0382 0472 RasAgileVpn - ok
10:45:20.0400 0472 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:45:20.0404 0472 RasAuto - ok
10:45:20.0419 0472 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:45:20.0421 0472 Rasl2tp - ok
10:45:20.0443 0472 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:45:20.0449 0472 RasMan - ok
10:45:20.0467 0472 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:45:20.0469 0472 RasPppoe - ok
10:45:20.0478 0472 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:45:20.0480 0472 RasSstp - ok
10:45:20.0506 0472 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:45:20.0513 0472 rdbss - ok
10:45:20.0527 0472 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
10:45:20.0528 0472 rdpbus - ok
10:45:20.0538 0472 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:45:20.0538 0472 RDPCDD - ok
10:45:20.0557 0472 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:45:20.0558 0472 RDPENCDD - ok
10:45:20.0568 0472 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:45:20.0569 0472 RDPREFMP - ok
10:45:20.0600 0472 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
10:45:20.0602 0472 RDPWD - ok
10:45:20.0627 0472 rdsdrvdm (35045bc673e74fe0e8aa89bc16d50fbb) C:\Windows\system32\DRIVERS\rdsdrvdm.sys
10:45:20.0629 0472 rdsdrvdm - ok
10:45:20.0661 0472 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:45:20.0670 0472 rdyboost - ok
10:45:20.0697 0472 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:45:20.0700 0472 RemoteAccess - ok
10:45:20.0723 0472 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:45:20.0727 0472 RemoteRegistry - ok
10:45:20.0754 0472 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:45:20.0758 0472 RpcEptMapper - ok
10:45:20.0779 0472 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:45:20.0781 0472 RpcLocator - ok
10:45:20.0808 0472 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:45:20.0813 0472 RpcSs - ok
10:45:20.0846 0472 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:45:20.0848 0472 rspndr - ok
10:45:20.0874 0472 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:45:20.0876 0472 SamSs - ok
10:45:20.0897 0472 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:45:20.0900 0472 sbp2port - ok
10:45:20.0919 0472 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:45:20.0923 0472 SCardSvr - ok
10:45:20.0928 0472 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:45:20.0930 0472 scfilter - ok
10:45:20.0976 0472 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:45:20.0992 0472 Schedule - ok
10:45:21.0013 0472 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:45:21.0013 0472 SCPolicySvc - ok
10:45:21.0030 0472 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:45:21.0033 0472 SDRSVC - ok
10:45:21.0047 0472 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:45:21.0049 0472 secdrv - ok
10:45:21.0060 0472 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:45:21.0063 0472 seclogon - ok
10:45:21.0075 0472 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:45:21.0077 0472 SENS - ok
10:45:21.0102 0472 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:45:21.0104 0472 SensrSvc - ok
10:45:21.0129 0472 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:45:21.0131 0472 Serenum - ok
10:45:21.0149 0472 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:45:21.0151 0472 Serial - ok
10:45:21.0164 0472 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
10:45:21.0166 0472 sermouse - ok
10:45:21.0188 0472 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:45:21.0191 0472 SessionEnv - ok
10:45:21.0194 0472 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:45:21.0195 0472 sffdisk - ok
10:45:21.0209 0472 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:45:21.0211 0472 sffp_mmc - ok
10:45:21.0217 0472 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:45:21.0219 0472 sffp_sd - ok
10:45:21.0222 0472 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
10:45:21.0224 0472 sfloppy - ok
10:45:21.0259 0472 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:45:21.0264 0472 SharedAccess - ok
10:45:21.0290 0472 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:45:21.0303 0472 ShellHWDetection - ok
10:45:21.0320 0472 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:45:21.0322 0472 sisagp - ok
10:45:21.0338 0472 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
10:45:21.0339 0472 SiSRaid2 - ok
10:45:21.0355 0472 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
10:45:21.0357 0472 SiSRaid4 - ok
10:45:21.0376 0472 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:45:21.0378 0472 Smb - ok
10:45:21.0403 0472 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:45:21.0406 0472 SNMPTRAP - ok
10:45:21.0419 0472 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:45:21.0421 0472 spldr - ok
10:45:21.0453 0472 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:45:21.0467 0472 Spooler - ok
10:45:21.0584 0472 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:45:21.0630 0472 sppsvc - ok
10:45:21.0707 0472 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:45:21.0709 0472 sppuinotify - ok
10:45:21.0805 0472 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\NAV\1307010.005\SRTSP.SYS
10:45:21.0818 0472 SRTSP - ok
10:45:21.0850 0472 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\NAV\1307010.005\SRTSPX.SYS
10:45:21.0852 0472 SRTSPX - ok
10:45:21.0889 0472 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:45:21.0901 0472 srv - ok
10:45:21.0925 0472 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:45:21.0938 0472 srv2 - ok
10:45:21.0952 0472 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:45:21.0955 0472 srvnet - ok
10:45:21.0986 0472 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:45:21.0996 0472 SSDPSRV - ok
10:45:22.0010 0472 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:45:22.0014 0472 SstpSvc - ok
10:45:22.0030 0472 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
10:45:22.0033 0472 stexstor - ok
10:45:22.0075 0472 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:45:22.0091 0472 StiSvc - ok
10:45:22.0101 0472 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:45:22.0103 0472 swenum - ok
10:45:22.0139 0472 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:45:22.0151 0472 swprv - ok
10:45:22.0249 0472 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NAV\1307010.005\SYMDS.SYS
10:45:22.0262 0472 SymDS - ok
10:45:22.0332 0472 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NAV\1307010.005\SYMEFA.SYS
10:45:22.0351 0472 SymEFA - ok
10:45:22.0393 0472 SymEvent (555fb450fe6908600310e990738b41d6) C:\Windows\system32\Drivers\SYMEVENT.SYS
10:45:22.0396 0472 SymEvent - ok
10:45:22.0428 0472 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NAV\1307010.005\Ironx86.SYS
10:45:22.0431 0472 SymIRON - ok
10:45:22.0463 0472 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\NAV\1307010.005\SYMNETS.SYS
10:45:22.0477 0472 SymNetS - ok
10:45:22.0540 0472 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:45:22.0561 0472 SysMain - ok
10:45:22.0577 0472 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:45:22.0581 0472 TabletInputService - ok
10:45:22.0600 0472 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:45:22.0607 0472 TapiSrv - ok
10:45:22.0621 0472 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:45:22.0623 0472 TBS - ok
10:45:22.0729 0472 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:45:22.0747 0472 Tcpip - ok
10:45:22.0773 0472 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:45:22.0782 0472 TCPIP6 - ok
10:45:22.0812 0472 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:45:22.0813 0472 tcpipreg - ok
10:45:22.0828 0472 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:45:22.0830 0472 TDPIPE - ok
10:45:22.0853 0472 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:45:22.0854 0472 TDTCP - ok
10:45:22.0869 0472 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:45:22.0871 0472 tdx - ok
10:45:22.0884 0472 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
10:45:22.0886 0472 TermDD - ok
10:45:22.0921 0472 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:45:22.0935 0472 TermService - ok
10:45:22.0951 0472 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:45:22.0954 0472 Themes - ok
10:45:22.0980 0472 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:45:22.0982 0472 THREADORDER - ok
10:45:23.0011 0472 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:45:23.0014 0472 TrkWks - ok
10:45:23.0061 0472 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:45:23.0070 0472 TrustedInstaller - ok
10:45:23.0088 0472 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:45:23.0090 0472 tssecsrv - ok
10:45:23.0103 0472 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:45:23.0105 0472 TsUsbFlt - ok
10:45:23.0131 0472 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
10:45:23.0133 0472 TsUsbGD - ok
10:45:23.0172 0472 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:45:23.0175 0472 tunnel - ok
10:45:23.0181 0472 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
10:45:23.0183 0472 uagp35 - ok
10:45:23.0212 0472 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:45:23.0219 0472 udfs - ok
10:45:23.0246 0472 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:45:23.0250 0472 UI0Detect - ok
10:45:23.0265 0472 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:45:23.0267 0472 uliagpkx - ok
10:45:23.0287 0472 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
10:45:23.0289 0472 umbus - ok
10:45:23.0308 0472 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
10:45:23.0309 0472 UmPass - ok
10:45:23.0465 0472 UNS (4ce819aff4608198957b375b3456751a) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:45:23.0516 0472 UNS - ok
10:45:23.0613 0472 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:45:23.0628 0472 upnphost - ok
10:45:23.0657 0472 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:45:23.0659 0472 usbccgp - ok
10:45:23.0687 0472 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:45:23.0690 0472 usbcir - ok
10:45:23.0705 0472 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
10:45:23.0707 0472 usbehci - ok
10:45:23.0736 0472 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:45:23.0743 0472 usbhub - ok
10:45:23.0766 0472 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:45:23.0769 0472 usbohci - ok
10:45:23.0787 0472 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:45:23.0788 0472 usbprint - ok
10:45:23.0822 0472 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:45:23.0823 0472 usbscan - ok
10:45:23.0847 0472 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:45:23.0849 0472 USBSTOR - ok
10:45:23.0883 0472 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:45:23.0885 0472 usbuhci - ok
10:45:26.0666 0472 ============================================================
10:45:26.0666 0472 Scan finished
10:45:26.0666 0472 ============================================================
10:45:26.0678 4716 Detected object count: 0
10:45:26.0678 4716 Actual detected object count: 0

aswMBR log...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 10:09:07
-----------------------------
10:09:07.523 OS Version: Windows 6.1.7601 Service Pack 1
10:09:07.524 Number of processors: 2 586 0x2A07
10:09:07.525 ComputerName: CK-1211-1 UserName: End User
10:09:09.256 Initialize success
10:19:00.537 AVAST engine defs: 12071901
10:25:36.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:25:36.462 Disk 0 Vendor: WDC_WD5000AAKX-603CA0 18.01H18 Size: 476940MB BusType: 11
10:25:36.468 Disk 0 MBR read successfully
10:25:36.471 Disk 0 MBR scan
10:25:36.478 Disk 0 Windows 7 default MBR code
10:25:36.482 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:25:36.495 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
10:25:36.503 Disk 0 scanning sectors +976771072
10:25:36.567 Disk 0 scanning C:\Windows\system32\drivers
10:25:42.961 Service scanning
10:25:58.554 Modules scanning
10:26:05.035 Disk 0 trace - called modules:
10:26:05.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
10:26:05.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86696228]
10:26:05.401 3 CLASSPNP.SYS[8c78559e] -> nt!IofCallDriver -> [0x861c4918]
10:26:05.410 5 ACPI.sys[8c0a53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86218908]
10:26:06.955 AVAST engine scan C:\Windows
10:26:09.386 AVAST engine scan C:\Windows\system32
10:28:36.438 AVAST engine scan C:\Windows\system32\drivers
10:29:01.789 AVAST engine scan C:\Users\End User
10:32:15.016 Disk 0 MBR has been saved successfully to "C:\Users\End User\Desktop\MBR.dat"
10:32:15.023 The log file has been saved successfully to "C:\Users\End User\Desktop\aswMBR log.txt"


DDS log -

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by End User at 10:06:02 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3494.1456 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Voltage Security\VSManager2.exe
C:\Program Files\Common Files\Voltage Security\VSAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\QUICKQ~3\Office10\MSACCESS.EXE
C:\QuickFL\QQ Document and Imaging\QQFileManager.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - c:\program files\brand affinity technologies\fantapper player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\voltag~1.lnk - c:\program files\common files\voltage security\VSManager2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: harleysvillegroup.com
DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} - hxxps://accesscl.harleysvillegroup.com/aqs.advantage.client/system/CAB/iemenu.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 66.80.130.23 64.7.11.2
TCP: Interfaces\{C41EF200-77F9-4716-92D6-1E01975B140F} : DhcpNameServer = 66.80.130.23 64.7.11.2
Filter: application/x-vs-authtoken - {1F17617E-C296-4C16-89E3-E22C6C454645} - c:\program files\common files\voltage security\VSTokenHandler.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\end user\appdata\roaming\mozilla\firefox\profiles\8mtigf06.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\voltage security\npvsth.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-16 821920]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys [2012-5-18 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20120718.001\IDSvix86.sys [2012-7-19 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307010.005\ironx86.sys [2012-5-18 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1307010.005\symnets.sys [2012-5-18 318584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-2-29 133944]
R2 FTSvc;Fantapper Player Update Service;c:\program files\brand affinity technologies\fantapper updater\FantapperUpdater.exe [2012-4-23 14336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-12-30 110752]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-12-30 2656280]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-12-30 238760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-12-30 41088]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 rdsdrvdm;rdsdrvdm;c:\windows\system32\drivers\rdsdrvdm.sys [2012-1-3 27648]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-31 1343400]
.
=============== Created Last 30 ================
.
2012-07-18 13:32:11 388096 ----a-r- c:\users\end user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-18 13:32:11 -------- d-----w- c:\program files\Trend Micro
2012-07-17 15:09:00 -------- d-----w- c:\users\end user\appdata\local\QQ_Solutions,_Inc
2012-07-17 13:08:37 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bda93ba4-16e3-461e-b1f8-380335b1dc12}\mpengine.dll
2012-07-11 20:58:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-26 13:13:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-26 13:13:27 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-26 13:13:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-26 13:13:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-17 13:14:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 13:14:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-07 17:35:07 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 21:21:34 770384 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-23 21:21:34 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-23 21:21:34 138056 ----a-w- c:\windows\system32\atl100.dll
.
============= FINISH: 10:06:48.43 ===============


Thanks Again!!

#4 CatByte


  • Malware Response Team

Posted 19 July 2012 - 10:40 AM

Hi,

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 pnbsoup

  • Topic Starter

Posted 19 July 2012 - 01:30 PM

Here is the ComboFix log:

ComboFix 12-07-19.02 - End User 07/19/2012 14:13:15.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3494.790 [GMT -4:00]
Running from: c:\users\End User\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Brand Affinity Technologies
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.crx
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\users\End User\AppData\Local\assembly\tmp
c:\users\End User\g2mdlhlpx.exe
c:\users\End User\helperdll.dll
c:\users\End User\RDSK_EN.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 18:19 . 2012-07-19 18:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 18:16 . 2012-07-19 18:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA93BA4-16E3-461E-B1F8-380335B1DC12}\offreg.dll
2012-07-18 13:32 . 2012-07-18 13:32 388096 ----a-r- c:\users\End User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-18 13:32 . 2012-07-18 13:32 -------- d-----w- c:\program files\Trend Micro
2012-07-17 15:09 . 2012-07-17 15:09 -------- d-----w- c:\users\End User\AppData\Local\QQ_Solutions,_Inc
2012-07-17 13:08 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA93BA4-16E3-461E-B1F8-380335B1DC12}\mpengine.dll
2012-07-11 20:58 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-26 13:13 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-26 13:13 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-26 13:13 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-26 13:13 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-26 13:13 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-26 13:13 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-26 13:13 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-26 13:13 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-26 13:13 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 13:14 . 2012-04-05 13:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 13:14 . 2011-12-30 20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 16:25 . 2012-06-13 14:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-07 17:35 . 2012-05-07 17:35 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 04:44 . 2012-06-13 13:24 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 13:24 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 13:24 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 13:24 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 13:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 13:24 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 13:24 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 13:24 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 21:21 . 2012-04-23 21:21 770384 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-23 21:21 . 2012-04-23 21:21 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-23 21:21 . 2012-04-23 21:21 138056 ----a-w- c:\windows\system32\atl100.dll
2012-07-18 13:28 . 2011-12-30 20:21 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SecureOfficeIconOverlay]
@="{419B6A44-1B3E-4AB2-A14D-5D1B95C57BA5}"
[HKEY_CLASSES_ROOT\CLSID\{419B6A44-1B3E-4AB2-A14D-5D1B95C57BA5}]
2012-02-15 21:11 287816 ----a-w- c:\program files\Voltage Security\Voltage SecureFile\SecureOfficeIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-27 9914984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 176408]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-10-26 74752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Voltage Encryption Manager.lnk - c:\program files\Common Files\Voltage Security\VSManager2.exe [2012-2-15 1188936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307010.005\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307010.005\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307010.005\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120718.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307010.005\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1307010.005\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 rdsdrvdm;rdsdrvdm;c:\windows\system32\DRIVERS\rdsdrvdm.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:14]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: harleysvillegroup.com
TCP: DhcpNameServer = 66.80.130.23 64.7.11.2
Filter: application/x-vs-authtoken - {1F17617E-C296-4C16-89E3-E22C6C454645} - c:\program files\Common Files\Voltage Security\VSTokenHandler.dll
DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} - hxxps://accesscl.harleysvillegroup.com/aqs.advantage.client/system/CAB/iemenu.cab
FF - ProfilePath - c:\users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\8mtigf06.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(428)
c:\program files\Voltage Security\Voltage SecureFile\SecureOfficeIconOverlay.dll
c:\windows\system32\l3codecx.acm
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Voltage Security\VSAgent.exe
c:\windows\system32\conhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-19 14:24:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 18:24
.
Pre-Run: 448,536,268,800 bytes free
Post-Run: 451,995,746,304 bytes free
.
- - End Of File - - 401588960AF959103A786375864D1232

#6 CatByte

Posted 19 July 2012 - 01:38 PM

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 pnbsoup

Posted 19 July 2012 - 02:12 PM

Is there anything that you see that could be causing the pop windows?? I'm d/l a lot of programs?

#8 pnbsoup

Posted 19 July 2012 - 03:37 PM

Enclosed is my ESET log...

C:\Users\End User\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined

Malware Log is below...

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
End User :: CK-1211-1 [administrator]

Protection: Enabled

7/19/2012 3:20:17 PM
mbam-log-2012-07-19 (15-20-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181491
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 CatByte

Posted 19 July 2012 - 03:38 PM

How is the computer running now?

Are you still getting the popup?



#10 pnbsoup

Posted 20 July 2012 - 09:03 AM

It seems to be running a lot smoother...no pop-ups just yet...I was also getting another error where internet explorer would crash, I'm not getting that either...Thank you and I appreciate your help!!

#11 CatByte

Posted 20 July 2012 - 09:07 AM

That's good to hear. We just have some housekeeping to do now. Please do the following:


Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT


You can delete the DDS, TDSSKiller and aswMBR logs and programs from your desktop. Keep Malwarebytes; it's a good program to have. Run it every once in a while.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.



#12 CatByte

Posted 23 July 2012 - 06:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





