
Trojan.Dropper.BCMiner


  • This topic is locked
25 replies to this topic

#1 Venoch


Posted 26 July 2012 - 02:09 AM

My computer has Trojan.Dropper.BCMiner, and I need help. I've run Malwarebytes, and it says it successfully deleted it, but it keeps coming back. Some other sites have made me try to delete stuff in my registry, but for the most part I've been too scared to delete anything! And I couldn't find any of the processes it told me to delete! And I've also read a bit of what this trojan does and I'm in a little bit of a panic.

Here's the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by James at 1:50:00 on 2012-07-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4118 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\NETGEAR\WPN111 Configuration Utility\WPN111.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\James\AppData\Local\Apps\2.0\EM6JBR4O.N1X\5CEBEC07.NH8\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Spotify] "C:\Users\James\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111 Configuration Utility\WPN111.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54A62299-AEA5-44C9-8F0E-8641A671B526} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54A62299-AEA5-44C9-8F0E-8641A671B526}\157756374784 : NameServer = 192.168.0.1
TCP: Interfaces\{54A62299-AEA5-44C9-8F0E-8641A671B526}\157756374784 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{54A62299-AEA5-44C9-8F0E-8641A671B526}\4596E697D4F6F63756D27657563747 : DhcpNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{FFD8EADC-0A1A-4AF5-B990-F0CF78AECC0B} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1jbcd7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.equestriadaily.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\James\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1jbcd7d.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111015.030\IDSviA64.sys [2011-10-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-6-27 365568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-14 1127448]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-18 136824]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\system32\DRIVERS\WPN111vx.sys --> C:\Windows\system32\DRIVERS\WPN111vx.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-25 116648]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-12 250056]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-25 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-25 16:10:51 -------- d-----w- C:\Users\James\AppData\Local\{14E743C9-9A27-40D6-BC45-500C2779E00B}
2012-07-25 16:10:38 -------- d-----w- C:\Users\James\AppData\Local\{18477F0F-FDD8-45B5-81A8-D46F871BA196}
2012-07-25 04:50:14 -------- d-----w- C:\Users\James\AppData\Local\{9B83FC58-DB2E-40E1-BD70-5264F19E2F89}
2012-07-24 05:53:20 -------- d-----w- C:\Users\James\AppData\Local\{C28D400E-CA75-491F-955B-8E5DE75FCDAC}
2012-07-24 05:52:56 -------- d-----w- C:\Users\James\AppData\Local\{FD34CCC5-F34A-46FE-8BFC-0A3C29879521}
2012-07-23 06:28:17 -------- d-----w- C:\Users\James\AppData\Local\{DE5B26A8-5E15-40D4-BF07-0AB2E5BB4219}
2012-07-23 06:28:05 -------- d-----w- C:\Users\James\AppData\Local\{D192FE27-4521-46F3-B123-4EE42FF1A7B7}
2012-07-23 06:09:34 -------- d-----w- C:\Users\James\AppData\Local\{36B9E28E-4CE7-4735-8207-0A10C3A90963}
2012-07-23 06:09:29 -------- d-----w- C:\Users\James\.stencylworks
2012-07-23 06:09:09 -------- d-----w- C:\Users\James\AppData\Local\{10CBB334-1CF1-40AE-8C05-50340E27D859}
2012-07-23 05:59:51 -------- d-----w- C:\_OTL
2012-07-21 20:07:47 -------- d-----w- C:\Users\James\AppData\Local\{1917C50E-F464-4FB8-BDF4-5A476E2DCD00}
2012-07-21 20:07:36 -------- d-----w- C:\Users\James\AppData\Local\{8F23AAF4-548F-4A79-B096-DFAC63C96C02}
2012-07-21 08:17:49 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2012-07-21 08:17:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-21 08:17:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-21 08:17:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 18:44:21 -------- d-----w- C:\Users\James\AppData\Local\{A0C0B2A5-2CE0-4BB7-AC68-2ECFB51E2C05}
2012-07-19 18:43:59 -------- d-----w- C:\Users\James\AppData\Local\{EC1FA984-D249-4076-B354-AAD731C6F49B}
2012-07-19 18:43:14 -------- d-----w- C:\Users\James\AppData\Roaming\Tific
2012-07-19 18:43:13 -------- d-----w- C:\Users\James\AppData\Local\Symantec
2012-07-19 07:23:33 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-18 02:04:23 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F711571-C99B-4F74-BE96-E20A5E37DC0A}\mpengine.dll
2012-07-18 02:00:12 -------- d-----w- C:\Users\James\AppData\Local\{D504458D-3AD1-4604-B007-EE355F1F12AD}
2012-07-18 01:59:59 -------- d-----w- C:\Users\James\AppData\Local\{486C8FCE-8AD6-40C0-BCCE-1D4DC4AD34FC}
2012-07-17 05:09:09 -------- d-----w- C:\Users\James\AppData\Local\{9D24928C-3C69-48E8-A69C-3DE07538FFF1}
2012-07-17 05:08:57 -------- d-----w- C:\Users\James\AppData\Local\{B55581E6-E8DB-4E02-BCFD-EA902886BE92}
2012-07-15 18:03:15 -------- d-----w- C:\Users\James\AppData\Local\{2597BB47-632D-40FA-9D92-8FC69DCF92AC}
2012-07-15 18:03:01 -------- d-----w- C:\Users\James\AppData\Local\{319F7DD7-6660-48A2-968C-E12629C3C621}
2012-07-13 18:11:13 -------- d-----w- C:\Users\James\AppData\Local\{B430493E-AC0B-496A-8822-70D7E10A9441}
2012-07-13 18:10:58 -------- d-----w- C:\Users\James\AppData\Local\{F34A86E1-D07E-4C0B-80B4-700F133C6559}
2012-07-12 20:07:46 -------- d-----w- C:\Users\James\AppData\Local\{E02EF001-48A8-4651-811B-27780DBCECC3}
2012-07-12 20:07:35 -------- d-----w- C:\Users\James\AppData\Local\{F87F4C23-9514-49AC-8B5C-83B3AB0A77DB}
2012-07-12 15:47:34 -------- d-----w- C:\Users\James\AppData\Local\{3784A1F2-74AC-470C-AD59-6A114E07B5B2}
2012-07-11 17:56:42 -------- d-----w- C:\Users\James\AppData\Local\{7C031C2C-8EBC-4A05-8314-3888B403C6D5}
2012-07-11 06:30:33 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 22:02:05 -------- d-----w- C:\Users\James\AppData\Local\{111FFC17-C489-428B-93CA-8D063505DAFE}
2012-07-09 22:01:47 -------- d-----w- C:\Users\James\AppData\Local\{9183F814-C1C4-47FE-8A62-BE9208A32DB8}
2012-07-08 06:53:51 -------- d-----w- C:\Users\James\AppData\Local\{2481335D-BBF7-43FB-A73E-612E59DA5BB7}
2012-07-08 06:53:28 -------- d-----w- C:\Users\James\AppData\Local\{05C7AF7F-D9E8-45D4-A0EF-C9FAE6F044EF}
2012-07-06 05:33:16 -------- d-----w- C:\Users\James\AppData\Local\{7AA5F663-DAEB-477F-B1BB-6CE75BAE5648}
2012-07-06 05:33:01 -------- d-----w- C:\Users\James\AppData\Local\{9B24539E-FEC0-4234-AE48-6E8A0B8F752A}
2012-07-04 20:38:30 -------- d-----w- C:\Windows\en
2012-07-04 20:35:35 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-04 20:33:26 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4381e17e1cd5a2401\DSETUP.dll
2012-07-04 20:33:26 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4381e17e1cd5a2401\DXSETUP.exe
2012-07-04 20:33:26 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4381e17e1cd5a2401\dsetup32.dll
2012-07-04 20:33:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\43e07c471cd5a2402\MeshBetaRemover.exe
2012-07-04 20:32:40 -------- d-----w- C:\Users\James\AppData\Local\{0C4AC8BF-9D16-4750-80CE-EBB2438C91DE}
2012-07-04 20:32:18 -------- d-----w- C:\Users\James\AppData\Local\{6D0B4B8D-8243-4711-870F-94771779F90C}
2012-07-04 19:24:03 -------- d-----w- C:\Users\James\AppData\Local\{D286393F-0E0A-417D-88E2-6B792D2FB7A8}
2012-07-04 19:23:37 -------- d-----w- C:\Users\James\AppData\Local\{6B67ECCA-AE85-481A-BD96-7A4CE4CA840D}
2012-07-03 16:33:53 -------- d-----w- C:\Users\James\AppData\Local\{D68EDF24-B134-4EE0-AC14-B6527A3286D3}
2012-07-03 16:33:41 -------- d-----w- C:\Users\James\AppData\Local\{3867FBAE-72E4-49BF-B5A4-5DB5530785BD}
2012-07-02 14:44:17 -------- d-----w- C:\Users\James\AppData\Local\{64A417F0-5973-4137-AC7E-6944DA668CDD}
2012-06-30 17:25:25 -------- d-----w- C:\Users\James\AppData\Local\{ED50C4D4-D401-48F6-9537-3619E6C8C6E8}
2012-06-30 17:25:11 -------- d-----w- C:\Users\James\AppData\Local\{9A6D4405-C217-4D20-A908-61A2438A184A}
2012-06-30 05:22:03 -------- d-----w- C:\Users\James\AppData\Local\{B47FDD3C-432D-432A-816C-CBC33930884A}
2012-06-30 05:21:51 -------- d-----w- C:\Users\James\AppData\Local\{FBCB6771-D832-4761-A159-1245ADFE1605}
2012-06-29 03:58:35 -------- d-----w- C:\Users\James\AppData\Local\{DDEDE63A-9D51-42C2-9522-A3AED0A7A1FB}
2012-06-29 03:58:21 -------- d-----w- C:\Users\James\AppData\Local\{772A6101-3CD9-4783-8E49-29D5C6B6CB1C}
2012-06-27 16:11:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-27 16:11:24 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-27 16:11:01 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-27 16:11:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-27 16:07:35 -------- d-----w- C:\Users\James\AppData\Local\{77752742-8FF8-4DA1-B944-B7CA37CB718A}
2012-06-27 16:07:21 -------- d-----w- C:\Users\James\AppData\Local\{7CD00F3E-426D-458A-B4BC-6DF7FF0FB721}
2012-06-27 03:19:06 -------- d-----w- C:\Users\James\AppData\Local\{256C90A2-B0B1-4372-82A7-141F3E547464}
2012-06-27 03:18:48 -------- d-----w- C:\Users\James\AppData\Local\{7B3D80C8-B4B2-4689-A7B4-AA19ADCF685B}
2012-06-27 03:16:14 -------- d-----w- C:\Users\James\AppData\Local\{0DB887DC-3882-4182-B2FE-9CBC2880C742}
2012-06-27 03:16:01 -------- d-----w- C:\Users\James\AppData\Local\{4DAB039B-9D73-491C-9454-D00CB0684B14}
2012-06-26 15:11:07 -------- d-----w- C:\Users\James\AppData\Local\{F7583EAA-59F1-4A21-A811-2D07CC79A87C}
2012-06-26 15:10:45 -------- d-----w- C:\Users\James\AppData\Local\{D51BBF82-BD8A-4F0F-8DFF-337CC4F84BE3}
.
==================== Find3M ====================
.
2012-07-12 15:57:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 15:57:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 02:24:15 15890 ----a-w- C:\Windows\SysWow64\drivers\mdc8021x.sys
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 1:50:29.13 ===============


 


#2 gringo_pr


Posted 27 July 2012 - 01:47 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Venoch

Posted 29 July 2012 - 03:32 PM

Security check:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


Combofix log:

ComboFix 12-07-29.02 - James 07/29/2012 14:24:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4778 [GMT -5:00]
Running from: c:\users\James\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\@
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\L\00000004.@
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\L\1afb2d56
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\L\201d3dde
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\U\00000004.@
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\U\00000008.@
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\U\000000cb.@
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\U\80000000.@
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\U\80000032.@
c:\windows\Installer\{e1ed2b55-8855-81ef-0a2d-dfe3df56bed3}\U\80000064.@
c:\windows\security\Database\tmp.edb
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 19:30 . 2012-07-29 19:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-29 19:30 . 2012-07-29 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 06:09 . 2012-07-23 06:09 -------- d-----w- c:\users\James\.stencylworks
2012-07-23 05:59 . 2012-07-23 05:59 -------- d-----w- C:\_OTL
2012-07-21 08:17 . 2012-07-21 08:17 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes
2012-07-21 08:17 . 2012-07-21 08:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-21 08:17 . 2012-07-21 08:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 08:17 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 18:43 . 2012-07-19 18:43 -------- d-----w- c:\users\James\AppData\Roaming\Tific
2012-07-19 18:43 . 2012-07-19 18:43 -------- d-----w- c:\users\James\AppData\Local\Symantec
2012-07-19 07:23 . 2012-07-19 07:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 02:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F711571-C99B-4F74-BE96-E20A5E37DC0A}\mpengine.dll
2012-07-11 06:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\windows\en
2012-07-04 20:35 . 2012-07-04 20:35 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-04 20:33 . 2012-07-04 20:33 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4381e17e1cd5a2401\DSETUP.dll
2012-07-04 20:33 . 2012-07-04 20:33 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4381e17e1cd5a2401\DXSETUP.exe
2012-07-04 20:33 . 2012-07-04 20:33 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4381e17e1cd5a2401\dsetup32.dll
2012-07-04 20:33 . 2012-07-04 20:33 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\43e07c471cd5a2402\MeshBetaRemover.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 23:57 . 2012-06-13 02:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 23:57 . 2011-08-18 01:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 06:28 . 2011-09-16 00:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-27 16:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 16:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 16:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 16:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 16:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 16:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 16:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-27 16:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-27 16:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 22:40 . 2012-05-18 22:40 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 04:01 . 2012-06-14 02:49 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 02:49 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 02:49 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-14 02:49 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 02:49 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 02:49 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 02:24 . 2011-10-20 17:48 15890 ----a-w- c:\windows\SysWow64\drivers\mdc8021x.sys
2012-05-01 05:40 . 2012-06-14 02:49 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"SanDiskSecureAccess_Manager.exe"="c:\users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-08-24 27306624]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-26 1242448]
"Facebook Update"="c:\users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Spotify"="c:\users\James\AppData\Roaming\Spotify\spotify.exe" [2012-06-04 9478320]
"Spotify Web Helper"="c:\users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-04 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-27 336384]
"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-17 0]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WPN111 Configuration Utility\WPN111.exe [2011-10-20 491606]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-19 1255736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [2008-08-05 1075712]
R3 X6va005;X6va005;c:\users\James\AppData\Local\Temp\005B8DE.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111015.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-26 237056]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-06-27 365568]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-26 11172864]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-26 339456]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 136824]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 23:57]
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000Core.job
- c:\users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-03 22:00]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000UA.job
- c:\users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-03 22:00]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 05:27]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 05:27]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 18:55]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 18:55]
.
2012-07-14 c:\windows\Tasks\HPCeeScheduleForJames.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"combofix"="c:\combofix\CF28879.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{54A62299-AEA5-44C9-8F0E-8641A671B526}\157756374784: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1jbcd7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.equestriadaily.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\James\AppData\Local\Temp\005B8DE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-07-29 15:19:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 20:19
.
Pre-Run: 840,883,519,488 bytes free
Post-Run: 840,465,174,528 bytes free
.
- - End Of File - - 05D2B2F6F5A0FF5E9AD780154BA37843




I ran malwarebytes after my computer had to be restarted for the "Illegal operation attempted on a registry key that has been marked for deletion.", and the scan ran clean! :D Thank you!

#4 gringo_pr

Posted 29 July 2012 - 03:35 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Venoch

Posted 31 July 2012 - 01:17 AM

Hello again, everything seems to be working fine, I've had no pop-ups since I ran combofix, and malwarebytes keeps coming up clean. My computer even seems to be running faster. Anyways, I had no problems running these programs, as requested.

TDSSKiller:

00:32:01.0468 3052 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:32:02.0017 3052 ============================================================
00:32:02.0017 3052 Current date / time: 2012/07/31 00:32:02.0017
00:32:02.0017 3052 SystemInfo:
00:32:02.0017 3052
00:32:02.0017 3052 OS Version: 6.1.7601 ServicePack: 1.0
00:32:02.0017 3052 Product type: Workstation
00:32:02.0017 3052 ComputerName: JAMES-HP
00:32:02.0017 3052 UserName: James
00:32:02.0017 3052 Windows directory: C:\Windows
00:32:02.0017 3052 System windows directory: C:\Windows
00:32:02.0017 3052 Running under WOW64
00:32:02.0017 3052 Processor architecture: Intel x64
00:32:02.0017 3052 Number of processors: 4
00:32:02.0017 3052 Page size: 0x1000
00:32:02.0017 3052 Boot type: Normal boot
00:32:02.0017 3052 ============================================================
00:32:03.0185 3052 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:32:03.0209 3052 ============================================================
00:32:03.0209 3052 \Device\Harddisk0\DR0:
00:32:03.0209 3052 MBR partitions:
00:32:03.0209 3052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:32:03.0209 3052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73089000
00:32:03.0209 3052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730BB800, BlocksNum 0x164A800
00:32:03.0209 3052 ============================================================
00:32:03.0235 3052 C: <-> \Device\Harddisk0\DR0\Partition1
00:32:03.0289 3052 D: <-> \Device\Harddisk0\DR0\Partition2
00:32:03.0289 3052 ============================================================
00:32:03.0289 3052 Initialize success
00:32:03.0289 3052 ============================================================
00:32:04.0567 4968 ============================================================
00:32:04.0567 4968 Scan started
00:32:04.0567 4968 Mode: Manual;
00:32:04.0567 4968 ============================================================
00:32:05.0709 4968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:32:05.0715 4968 1394ohci - ok
00:32:05.0746 4968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:32:05.0751 4968 ACPI - ok
00:32:05.0760 4968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:32:05.0762 4968 AcpiPmi - ok
00:32:05.0870 4968 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:32:05.0872 4968 AdobeARMservice - ok
00:32:05.0992 4968 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:32:05.0996 4968 AdobeFlashPlayerUpdateSvc - ok
00:32:06.0059 4968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:32:06.0070 4968 adp94xx - ok
00:32:06.0126 4968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:32:06.0134 4968 adpahci - ok
00:32:06.0161 4968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:32:06.0166 4968 adpu320 - ok
00:32:06.0192 4968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:32:06.0194 4968 AeLookupSvc - ok
00:32:20.0477 4968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:32:20.0478 4968 RDPENCDD - ok
00:32:20.0491 4968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:32:20.0492 4968 RDPREFMP - ok
00:32:20.0530 4968 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:32:20.0534 4968 RDPWD - ok
00:32:20.0569 4968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:32:20.0572 4968 rdyboost - ok
00:32:20.0608 4968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:32:20.0611 4968 RemoteAccess - ok
00:32:20.0643 4968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:32:20.0647 4968 RemoteRegistry - ok
00:32:20.0713 4968 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
00:32:20.0720 4968 RoxioNow Service - ok
00:32:20.0738 4968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:32:20.0743 4968 RpcEptMapper - ok
00:32:20.0766 4968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:32:20.0768 4968 RpcLocator - ok
00:32:20.0806 4968 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
00:32:20.0812 4968 RpcSs - ok
00:32:20.0846 4968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:32:20.0848 4968 rspndr - ok
00:32:20.0892 4968 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:32:20.0898 4968 RTL8167 - ok
00:32:20.0926 4968 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:32:20.0928 4968 SamSs - ok
00:32:20.0951 4968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:32:20.0953 4968 sbp2port - ok
00:32:20.0992 4968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:32:20.0997 4968 SCardSvr - ok
00:32:21.0013 4968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:32:21.0014 4968 scfilter - ok
00:32:21.0083 4968 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:32:21.0100 4968 Schedule - ok
00:32:21.0119 4968 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:32:21.0120 4968 SCPolicySvc - ok
00:32:21.0138 4968 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:32:21.0143 4968 SDRSVC - ok
00:32:21.0197 4968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:32:21.0198 4968 secdrv - ok
00:32:21.0217 4968 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:32:21.0218 4968 seclogon - ok
00:32:21.0225 4968 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:32:21.0227 4968 SENS - ok
00:32:21.0239 4968 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:32:21.0240 4968 SensrSvc - ok
00:32:21.0271 4968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:32:21.0272 4968 Serenum - ok
00:32:21.0292 4968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:32:21.0295 4968 Serial - ok
00:32:21.0323 4968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:32:21.0325 4968 sermouse - ok
00:32:21.0362 4968 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:32:21.0365 4968 SessionEnv - ok
00:32:21.0384 4968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:32:21.0390 4968 sffdisk - ok
00:32:21.0401 4968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:32:21.0406 4968 sffp_mmc - ok
00:32:21.0420 4968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:32:21.0421 4968 sffp_sd - ok
00:32:21.0432 4968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:32:21.0433 4968 sfloppy - ok
00:32:21.0500 4968 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:32:21.0505 4968 SharedAccess - ok
00:32:21.0547 4968 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:32:21.0554 4968 ShellHWDetection - ok
00:32:21.0570 4968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:32:21.0572 4968 SiSRaid2 - ok
00:32:21.0594 4968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:32:21.0596 4968 SiSRaid4 - ok
00:32:21.0633 4968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:32:21.0635 4968 Smb - ok
00:32:21.0661 4968 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:32:21.0664 4968 SNMPTRAP - ok
00:32:21.0675 4968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:32:21.0675 4968 spldr - ok
00:32:21.0714 4968 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:32:21.0724 4968 Spooler - ok
00:32:21.0892 4968 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:32:21.0927 4968 sppsvc - ok
00:32:22.0005 4968 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:32:22.0008 4968 sppuinotify - ok
00:32:22.0127 4968 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
00:32:22.0143 4968 SRTSP - ok
00:32:22.0159 4968 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
00:32:22.0160 4968 SRTSPX - ok
00:32:22.0206 4968 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:32:22.0212 4968 srv - ok
00:32:22.0237 4968 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:32:22.0242 4968 srv2 - ok
00:32:22.0264 4968 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:32:22.0267 4968 srvnet - ok
00:32:22.0290 4968 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:32:22.0294 4968 SSDPSRV - ok
00:32:22.0324 4968 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:32:22.0327 4968 SstpSvc - ok
00:32:22.0378 4968 Steam Client Service - ok
00:32:22.0416 4968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:32:22.0419 4968 stexstor - ok
00:32:22.0490 4968 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:32:22.0506 4968 stisvc - ok
00:32:22.0529 4968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:32:22.0530 4968 swenum - ok
00:32:22.0565 4968 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:32:22.0574 4968 swprv - ok
00:32:22.0659 4968 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
00:32:22.0669 4968 SymDS - ok
00:32:22.0742 4968 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
00:32:22.0759 4968 SymEFA - ok
00:32:22.0789 4968 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:32:22.0792 4968 SymEvent - ok
00:32:22.0825 4968 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
00:32:22.0826 4968 SymIM - ok
00:32:22.0845 4968 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
00:32:22.0848 4968 SymIRON - ok
00:32:22.0877 4968 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
00:32:22.0882 4968 SymNetS - ok
00:32:22.0985 4968 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:32:23.0010 4968 SysMain - ok
00:32:23.0082 4968 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:32:23.0086 4968 TabletInputService - ok
00:32:23.0117 4968 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:32:23.0123 4968 TapiSrv - ok
00:32:23.0137 4968 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:32:23.0140 4968 TBS - ok
00:32:23.0281 4968 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:32:23.0302 4968 Tcpip - ok
00:32:23.0464 4968 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:32:23.0474 4968 TCPIP6 - ok
00:32:23.0526 4968 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:32:23.0527 4968 tcpipreg - ok
00:32:23.0539 4968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:32:23.0540 4968 TDPIPE - ok
00:32:23.0567 4968 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:32:23.0569 4968 TDTCP - ok
00:32:23.0589 4968 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:32:23.0592 4968 tdx - ok
00:32:23.0612 4968 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:32:23.0613 4968 TermDD - ok
00:32:23.0681 4968 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:32:23.0695 4968 TermService - ok
00:32:23.0706 4968 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:32:23.0709 4968 Themes - ok
00:32:23.0732 4968 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:32:23.0734 4968 THREADORDER - ok
00:32:23.0751 4968 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:32:23.0755 4968 TrkWks - ok
00:32:23.0786 4968 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:32:23.0788 4968 TrustedInstaller - ok
00:32:23.0812 4968 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:32:23.0813 4968 tssecsrv - ok
00:32:23.0828 4968 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:32:23.0830 4968 TsUsbFlt - ok
00:32:23.0850 4968 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:32:23.0851 4968 TsUsbGD - ok
00:32:23.0886 4968 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:32:23.0888 4968 tunnel - ok
00:32:23.0913 4968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:32:23.0914 4968 uagp35 - ok
00:32:23.0944 4968 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:32:23.0949 4968 udfs - ok
00:32:23.0978 4968 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:32:23.0981 4968 UI0Detect - ok
00:32:23.0999 4968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:32:24.0001 4968 uliagpkx - ok
00:32:24.0017 4968 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:32:24.0018 4968 umbus - ok
00:32:24.0027 4968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:32:24.0028 4968 UmPass - ok
00:32:24.0063 4968 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:32:24.0069 4968 upnphost - ok
00:32:24.0107 4968 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys
00:32:24.0109 4968 usbbus - ok
00:32:24.0131 4968 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:32:24.0133 4968 usbccgp - ok
00:32:24.0165 4968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:32:24.0167 4968 usbcir - ok
00:32:24.0178 4968 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys
00:32:24.0180 4968 UsbDiag - ok
00:32:24.0196 4968 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:32:24.0197 4968 usbehci - ok
00:32:24.0214 4968 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
00:32:24.0216 4968 usbfilter - ok
00:32:24.0250 4968 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:32:24.0255 4968 usbhub - ok
00:32:24.0276 4968 USBModem (79fa7a22b0f6f0082f640cbc82a00fce) C:\Windows\system32\DRIVERS\lgx64modem.sys
00:32:24.0277 4968 USBModem - ok
00:32:24.0287 4968 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
00:32:24.0289 4968 usbohci - ok
00:32:24.0300 4968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
00:32:24.0301 4968 usbprint - ok
00:32:24.0326 4968 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:32:24.0328 4968 USBSTOR - ok
00:32:24.0344 4968 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:32:24.0346 4968 usbuhci - ok
00:32:24.0370 4968 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:32:24.0373 4968 UxSms - ok
00:32:24.0401 4968 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:32:24.0403 4968 VaultSvc - ok
00:32:24.0440 4968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:32:24.0442 4968 vdrvroot - ok
00:32:24.0490 4968 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:32:24.0499 4968 vds - ok
00:32:24.0522 4968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:32:24.0524 4968 vga - ok
00:32:24.0529 4968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:32:24.0530 4968 VgaSave - ok
00:32:24.0564 4968 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:32:24.0568 4968 vhdmp - ok
00:32:24.0588 4968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:32:24.0589 4968 viaide - ok
00:32:24.0609 4968 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:32:24.0610 4968 volmgr - ok
00:32:24.0637 4968 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:32:24.0643 4968 volmgrx - ok
00:32:24.0666 4968 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:32:24.0670 4968 volsnap - ok
00:32:24.0708 4968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:32:24.0714 4968 vsmraid - ok
00:32:24.0830 4968 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:32:24.0854 4968 VSS - ok
00:32:24.0938 4968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:32:24.0939 4968 vwifibus - ok
00:32:24.0974 4968 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:32:24.0982 4968 W32Time - ok
00:32:24.0996 4968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
00:32:24.0998 4968 WacomPen - ok
00:32:25.0030 4968 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:32:25.0032 4968 WANARP - ok
00:32:25.0036 4968 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:32:25.0037 4968 Wanarpv6 - ok
00:32:25.0134 4968 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:32:25.0151 4968 WatAdminSvc - ok
00:32:25.0249 4968 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:32:25.0272 4968 wbengine - ok
00:32:25.0350 4968 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:32:25.0358 4968 WbioSrvc - ok
00:32:25.0401 4968 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:32:25.0413 4968 wcncsvc - ok
00:32:25.0431 4968 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:32:25.0434 4968 WcsPlugInService - ok
00:32:25.0466 4968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:32:25.0467 4968 Wd - ok
00:32:25.0512 4968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:32:25.0521 4968 Wdf01000 - ok
00:32:25.0536 4968 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:32:25.0539 4968 WdiServiceHost - ok
00:32:25.0542 4968 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:32:25.0545 4968 WdiSystemHost - ok
00:32:25.0568 4968 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:32:25.0572 4968 WebClient - ok
00:32:25.0586 4968 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:32:25.0590 4968 Wecsvc - ok
00:32:25.0601 4968 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:32:25.0603 4968 wercplsupport - ok
00:32:25.0632 4968 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:32:25.0634 4968 WerSvc - ok
00:32:25.0687 4968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:32:25.0689 4968 WfpLwf - ok
00:32:25.0707 4968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:32:25.0709 4968 WIMMount - ok
00:32:25.0736 4968 WinDefend - ok
00:32:25.0746 4968 WinHttpAutoProxySvc - ok
00:32:25.0801 4968 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:32:25.0806 4968 Winmgmt - ok
00:32:25.0923 4968 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:32:25.0945 4968 WinRM - ok
00:32:26.0091 4968 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:32:26.0112 4968 Wlansvc - ok
00:32:26.0172 4968 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:32:26.0174 4968 wlcrasvc - ok
00:32:26.0363 4968 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:32:26.0393 4968 wlidsvc - ok
00:32:26.0486 4968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:32:26.0487 4968 WmiAcpi - ok
00:32:26.0545 4968 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:32:26.0550 4968 wmiApSrv - ok
00:32:26.0585 4968 WMPNetworkSvc - ok
00:32:26.0616 4968 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:32:26.0620 4968 WPCSvc - ok
00:32:26.0632 4968 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:32:26.0635 4968 WPDBusEnum - ok
00:32:26.0724 4968 WPN111 (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\WPN111vx.sys
00:32:26.0739 4968 WPN111 - ok
00:32:26.0764 4968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:32:26.0765 4968 ws2ifsl - ok
00:32:26.0789 4968 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:32:26.0796 4968 wscsvc - ok
00:32:26.0803 4968 WSearch - ok
00:32:26.0968 4968 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
00:32:26.0995 4968 wuauserv - ok
00:32:27.0073 4968 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:32:27.0076 4968 WudfPf - ok
00:32:27.0108 4968 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:32:27.0111 4968 WUDFRd - ok
00:32:27.0136 4968 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:32:27.0139 4968 wudfsvc - ok
00:32:27.0166 4968 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:32:27.0172 4968 WwanSvc - ok
00:32:27.0274 4968 X6va005 - ok
00:32:27.0334 4968 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
00:32:27.0337 4968 xusb21 - ok
00:32:27.0359 4968 MBR (0x1B8) (12aa7b560dd722627fb3d07c8e9cda75) \Device\Harddisk0\DR0
00:32:27.0597 4968 \Device\Harddisk0\DR0 - ok
00:32:27.0603 4968 Boot (0x1200) (ed80b8c94fe0d998cd0568c130c7e467) \Device\Harddisk0\DR0\Partition0
00:32:27.0605 4968 \Device\Harddisk0\DR0\Partition0 - ok
00:32:27.0616 4968 Boot (0x1200) (00f9d6e247c8a11d33728a429e58a5c1) \Device\Harddisk0\DR0\Partition1
00:32:27.0617 4968 \Device\Harddisk0\DR0\Partition1 - ok
00:32:27.0652 4968 Boot (0x1200) (7a004365763a27f19e6e96324f11de36) \Device\Harddisk0\DR0\Partition2
00:32:27.0654 4968 \Device\Harddisk0\DR0\Partition2 - ok
00:32:27.0654 4968 ============================================================
00:32:27.0654 4968 Scan finished
00:32:27.0654 4968 ============================================================
00:32:27.0666 1792 Detected object count: 0
00:32:27.0666 1792 Actual detected object count: 0
00:32:36.0372 5500 ============================================================
00:32:36.0372 5500 Scan started
00:32:36.0372 5500 Mode: Manual;
00:32:36.0372 5500 ============================================================
00:32:40.0889 5500 dot3svc - ok
00:32:40.0911 5500 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:32:40.0913 5500 DPS - ok
00:32:40.0927 5500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:32:40.0928 5500 drmkaud - ok
00:32:41.0001 5500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:32:41.0009 5500 DXGKrnl - ok
00:32:41.0037 5500 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:32:41.0039 5500 EapHost - ok
00:32:41.0230 5500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:32:41.0247 5500 ebdrv - ok
00:32:41.0328 5500 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:32:41.0332 5500 eeCtrl - ok
00:32:41.0409 5500 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:32:41.0411 5500 EFS - ok
00:32:41.0496 5500 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:32:41.0506 5500 ehRecvr - ok
00:32:41.0524 5500 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:32:41.0525 5500 ehSched - ok
00:32:41.0598 5500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:32:41.0602 5500 elxstor - ok
00:32:41.0652 5500 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:32:41.0653 5500 EraserUtilRebootDrv - ok
00:32:41.0672 5500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:32:41.0672 5500 ErrDev - ok
00:32:41.0716 5500 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:32:41.0720 5500 EventSystem - ok
00:32:41.0750 5500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:32:41.0752 5500 exfat - ok
00:32:41.0775 5500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:32:41.0777 5500 fastfat - ok
00:32:41.0825 5500 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:32:41.0832 5500 Fax - ok
00:32:41.0847 5500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:32:41.0848 5500 fdc - ok
00:32:41.0863 5500 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:32:41.0864 5500 fdPHost - ok
00:32:41.0876 5500 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:32:41.0877 5500 FDResPub - ok
00:32:41.0890 5500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:32:41.0891 5500 FileInfo - ok
00:32:41.0901 5500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:32:41.0902 5500 Filetrace - ok
00:32:41.0922 5500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:32:41.0923 5500 flpydisk - ok
00:32:41.0955 5500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:32:41.0958 5500 FltMgr - ok
00:32:42.0041 5500 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:32:42.0052 5500 FontCache - ok
00:32:42.0112 5500 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:32:42.0114 5500 FontCache3.0.0.0 - ok
00:32:42.0159 5500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:32:42.0161 5500 FsDepends - ok
00:32:42.0195 5500 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:32:42.0196 5500 Fs_Rec - ok
00:32:42.0228 5500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:32:42.0231 5500 fvevol - ok
00:32:42.0252 5500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:32:42.0253 5500 gagp30kx - ok
00:32:42.0313 5500 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
00:32:42.0316 5500 GamesAppService - ok
00:32:42.0398 5500 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:32:42.0408 5500 gpsvc - ok
00:32:42.0454 5500 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:32:42.0456 5500 gupdate - ok
00:32:42.0464 5500 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:32:42.0466 5500 gupdatem - ok
00:32:42.0497 5500 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
00:32:42.0498 5500 hamachi - ok
00:32:42.0705 5500 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
00:32:42.0719 5500 Hamachi2Svc - ok
00:32:42.0820 5500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:32:42.0821 5500 hcw85cir - ok
00:32:42.0857 5500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:32:42.0860 5500 HdAudAddService - ok
00:32:42.0884 5500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:32:42.0885 5500 HDAudBus - ok
00:32:42.0897 5500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:32:42.0898 5500 HidBatt - ok
00:32:42.0917 5500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
00:32:42.0918 5500 HidBth - ok
00:32:42.0927 5500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
00:32:42.0927 5500 HidIr - ok
00:32:42.0950 5500 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:32:42.0952 5500 hidserv - ok
00:32:42.0971 5500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:32:42.0971 5500 HidUsb - ok
00:32:42.0986 5500 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:32:42.0988 5500 hkmsvc - ok
00:32:43.0122 5500 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:32:43.0128 5500 HomeGroupListener - ok
00:32:43.0161 5500 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:32:43.0167 5500 HomeGroupProvider - ok
00:32:43.0247 5500 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
00:32:43.0252 5500 HPClientSvc - ok
00:32:43.0277 5500 hpqwmiex - ok
00:32:43.0314 5500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:32:43.0315 5500 HpSAMD - ok
00:32:43.0372 5500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:32:43.0378 5500 HTTP - ok
00:32:43.0392 5500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:32:43.0393 5500 hwpolicy - ok
00:32:43.0415 5500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:32:43.0416 5500 i8042prt - ok
00:32:43.0457 5500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:32:43.0461 5500 iaStorV - ok
00:32:43.0577 5500 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:32:43.0590 5500 idsvc - ok
00:32:43.0745 5500 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111015.030\IDSvia64.sys
00:32:43.0752 5500 IDSVia64 - ok
00:32:44.0173 5500 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:32:44.0202 5500 igfx - ok
00:32:44.0295 5500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:32:44.0296 5500 iirsp - ok
00:32:44.0384 5500 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:32:44.0398 5500 IKEEXT - ok
00:32:44.0558 5500 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
00:32:44.0573 5500 IntcAzAudAddService - ok
00:32:44.0630 5500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:32:44.0631 5500 intelide - ok
00:32:44.0646 5500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
00:32:44.0647 5500 intelppm - ok
00:32:44.0667 5500 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:32:44.0669 5500 IPBusEnum - ok
00:32:44.0702 5500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:32:44.0703 5500 IpFilterDriver - ok
00:32:44.0767 5500 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:32:44.0776 5500 iphlpsvc - ok
00:32:44.0804 5500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:32:44.0805 5500 IPMIDRV - ok
00:32:44.0823 5500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:32:44.0824 5500 IPNAT - ok
00:32:44.0836 5500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:32:44.0837 5500 IRENUM - ok
00:32:44.0854 5500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:32:44.0855 5500 isapnp - ok
00:32:44.0884 5500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:32:44.0887 5500 iScsiPrt - ok
00:32:44.0906 5500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:32:44.0907 5500 kbdclass - ok
00:32:44.0915 5500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:32:44.0916 5500 kbdhid - ok
00:32:44.0942 5500 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:32:44.0944 5500 KeyIso - ok
00:32:44.0970 5500 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
00:32:44.0971 5500 KSecDD - ok
00:32:44.0986 5500 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
00:32:44.0988 5500 KSecPkg - ok
00:32:45.0001 5500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:32:45.0002 5500 ksthunk - ok
00:32:45.0040 5500 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:32:45.0045 5500 KtmRm - ok
00:32:45.0082 5500 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:32:45.0089 5500 LanmanServer - ok
00:32:45.0121 5500 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:32:45.0127 5500 LanmanWorkstation - ok
00:32:45.0223 5500 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
00:32:45.0227 5500 LBTServ - ok
00:32:45.0255 5500 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:32:45.0256 5500 LHidFilt - ok
00:32:45.0311 5500 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:32:45.0313 5500 LightScribeService - ok
00:32:45.0336 5500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:32:45.0337 5500 lltdio - ok
00:32:45.0377 5500 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:32:45.0384 5500 lltdsvc - ok
00:32:45.0398 5500 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:32:45.0401 5500 lmhosts - ok
00:32:45.0433 5500 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:32:45.0434 5500 LMouFilt - ok
00:32:45.0470 5500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:32:45.0472 5500 LSI_FC - ok
00:32:45.0491 5500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:32:45.0493 5500 LSI_SAS - ok
00:32:45.0508 5500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:32:45.0510 5500 LSI_SAS2 - ok
00:32:45.0540 5500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:32:45.0541 5500 LSI_SCSI - ok
00:32:45.0561 5500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:32:45.0562 5500 luafv - ok
00:32:45.0590 5500 Lycosa (e5ecf40e5fd459141e5f6685ffd51804) C:\Windows\system32\drivers\Lycosa.sys
00:32:45.0590 5500 Lycosa - ok
00:32:45.0614 5500 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:32:45.0616 5500 Mcx2Svc - ok
00:32:45.0638 5500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:32:45.0639 5500 megasas - ok
00:32:45.0674 5500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:32:45.0677 5500 MegaSR - ok
00:32:45.0698 5500 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:32:45.0700 5500 MMCSS - ok
00:32:45.0713 5500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:32:45.0714 5500 Modem - ok
00:32:45.0726 5500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:32:45.0728 5500 monitor - ok
00:32:45.0737 5500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:32:45.0737 5500 mouclass - ok
00:32:45.0743 5500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:32:45.0743 5500 mouhid - ok
00:32:45.0761 5500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:32:45.0762 5500 mountmgr - ok
00:32:45.0816 5500 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:32:45.0819 5500 MozillaMaintenance - ok
00:32:45.0848 5500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:32:45.0851 5500 mpio - ok
00:32:45.0871 5500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:32:45.0873 5500 mpsdrv - ok
00:32:45.0939 5500 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:32:45.0949 5500 MpsSvc - ok
00:32:45.0968 5500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:32:45.0970 5500 MRxDAV - ok
00:32:45.0999 5500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:32:46.0000 5500 mrxsmb - ok
00:32:46.0024 5500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:32:46.0026 5500 mrxsmb10 - ok
00:32:46.0038 5500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:32:46.0039 5500 mrxsmb20 - ok
00:32:46.0060 5500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:32:46.0060 5500 msahci - ok
00:32:46.0090 5500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:32:46.0091 5500 msdsm - ok
00:32:46.0120 5500 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:32:46.0121 5500 MSDTC - ok
00:32:46.0144 5500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:32:46.0145 5500 Msfs - ok
00:32:46.0149 5500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:32:46.0150 5500 mshidkmdf - ok
00:32:46.0174 5500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:32:46.0174 5500 msisadrv - ok
00:32:46.0198 5500 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:32:46.0199 5500 MSiSCSI - ok
00:32:46.0202 5500 msiserver - ok
00:32:46.0215 5500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:32:46.0216 5500 MSKSSRV - ok
00:32:46.0219 5500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:32:46.0219 5500 MSPCLOCK - ok
00:32:46.0223 5500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:32:46.0223 5500 MSPQM - ok
00:32:46.0256 5500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:32:46.0259 5500 MsRPC - ok
00:32:46.0275 5500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:32:46.0275 5500 mssmbios - ok
00:32:46.0278 5500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:32:46.0278 5500 MSTEE - ok
00:32:46.0301 5500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:32:46.0302 5500 MTConfig - ok
00:32:46.0313 5500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:32:46.0314 5500 Mup - ok
00:32:46.0353 5500 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:32:46.0357 5500 napagent - ok
00:32:46.0393 5500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:32:46.0395 5500 NativeWifiP - ok
00:32:46.0529 5500 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111017.003\ENG64.SYS
00:32:46.0531 5500 NAVENG - ok
00:32:46.0656 5500 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111017.003\EX64.SYS
00:32:46.0670 5500 NAVEX15 - ok
00:32:46.0794 5500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:32:46.0800 5500 NDIS - ok
00:32:46.0812 5500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:32:46.0812 5500 NdisCap - ok
00:32:46.0823 5500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:32:46.0824 5500 NdisTapi - ok
00:32:46.0838 5500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:32:46.0838 5500 Ndisuio - ok
00:32:46.0857 5500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:32:46.0858 5500 NdisWan - ok
00:32:46.0866 5500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:32:46.0867 5500 NDProxy - ok
00:32:46.0879 5500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:32:46.0879 5500 NetBIOS - ok
00:32:46.0904 5500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:32:46.0906 5500 NetBT - ok
00:32:46.0925 5500 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:32:46.0926 5500 Netlogon - ok
00:32:46.0960 5500 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:32:46.0963 5500 Netman - ok
00:32:47.0046 5500 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:32:47.0049 5500 NetMsmqActivator - ok
00:32:47.0059 5500 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:32:47.0062 5500 NetPipeActivator - ok
00:32:47.0105 5500 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:32:47.0110 5500 netprofm - ok
00:32:47.0115 5500 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:32:47.0117 5500 NetTcpActivator - ok
00:32:47.0121 5500 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:32:47.0123 5500 NetTcpPortSharing - ok
00:32:47.0166 5500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:32:47.0167 5500 nfrd960 - ok
00:32:47.0258 5500 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
00:32:47.0260 5500 NIS - ok
00:32:47.0301 5500 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:32:47.0308 5500 NlaSvc - ok
00:32:47.0532 5500 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:32:47.0551 5500 NOBU - ok
00:32:47.0637 5500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:32:47.0639 5500 Npfs - ok
00:32:47.0666 5500 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:32:47.0668 5500 nsi - ok
00:32:47.0678 5500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:32:47.0679 5500 nsiproxy - ok
00:32:47.0813 5500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:32:47.0827 5500 Ntfs - ok
00:32:47.0871 5500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:32:47.0872 5500 Null - ok
00:32:47.0903 5500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:32:47.0904 5500 nvraid - ok
00:32:47.0915 5500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:32:47.0916 5500 nvstor - ok
00:32:47.0932 5500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:32:47.0933 5500 nv_agp - ok
00:32:47.0958 5500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:32:47.0960 5500 ohci1394 - ok
00:32:48.0002 5500 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:32:48.0010 5500 p2pimsvc - ok
00:32:48.0066 5500 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:32:48.0076 5500 p2psvc - ok
00:32:48.0094 5500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:32:48.0096 5500 Parport - ok
00:32:48.0122 5500 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:32:48.0123 5500 partmgr - ok
00:32:48.0146 5500 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
00:32:48.0147 5500 PCAMp50a64 - ok
00:32:48.0159 5500 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
00:32:48.0159 5500 PCASp50a64 - ok
00:32:48.0181 5500 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:32:48.0185 5500 PcaSvc - ok
00:32:48.0214 5500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:32:48.0216 5500 pci - ok
00:32:48.0244 5500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:32:48.0245 5500 pciide - ok
00:32:48.0283 5500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:32:48.0285 5500 pcmcia - ok
00:32:48.0312 5500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:32:48.0312 5500 pcw - ok
00:32:48.0348 5500 pdfcDispatcher - ok
00:32:48.0414 5500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:32:48.0420 5500 PEAUTH - ok
00:32:48.0504 5500 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:32:48.0506 5500 PerfHost - ok
00:32:48.0692 5500 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:32:48.0705 5500 pla - ok
00:32:48.0736 5500 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:32:48.0739 5500 PlugPlay - ok
00:32:48.0749 5500 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:32:48.0751 5500 PNRPAutoReg - ok
00:32:48.0776 5500 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:32:48.0778 5500 PNRPsvc - ok
00:32:48.0823 5500 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:32:48.0826 5500 PolicyAgent - ok
00:32:48.0854 5500 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:32:48.0856 5500 Power - ok
00:32:48.0911 5500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:32:48.0913 5500 PptpMiniport - ok
00:32:48.0935 5500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:32:48.0936 5500 Processor - ok
00:32:48.0981 5500 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:32:48.0987 5500 ProfSvc - ok
00:32:49.0010 5500 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:32:49.0013 5500 ProtectedStorage - ok
00:32:49.0037 5500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:32:49.0039 5500 Psched - ok
00:32:49.0137 5500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:32:49.0150 5500 ql2300 - ok
00:32:49.0234 5500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:32:49.0237 5500 ql40xx - ok
00:32:49.0277 5500 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:32:49.0284 5500 QWAVE - ok
00:32:49.0301 5500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:32:49.0302 5500 QWAVEdrv - ok
00:32:49.0319 5500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:32:49.0319 5500 RasAcd - ok
00:32:49.0347 5500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:32:49.0348 5500 RasAgileVpn - ok
00:32:49.0366 5500 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:32:49.0369 5500 RasAuto - ok
00:32:49.0384 5500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:32:49.0386 5500 Rasl2tp - ok
00:32:49.0412 5500 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:32:49.0417 5500 RasMan - ok
00:32:49.0435 5500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:32:49.0436 5500 RasPppoe - ok
00:32:49.0448 5500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:32:49.0449 5500 RasSstp - ok
00:32:49.0475 5500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:32:49.0477 5500 rdbss - ok
00:32:49.0501 5500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
00:32:49.0501 5500 rdpbus - ok
00:32:49.0520 5500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:32:49.0521 5500 RDPCDD - ok
00:32:49.0535 5500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:32:49.0536 5500 RDPENCDD - ok
00:32:49.0549 5500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:32:49.0550 5500 RDPREFMP - ok
00:32:49.0589 5500 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:32:49.0591 5500 RDPWD - ok
00:32:49.0611 5500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:32:49.0614 5500 rdyboost - ok
00:32:49.0642 5500 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:32:49.0644 5500 RemoteAccess - ok
00:32:49.0676 5500 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:32:49.0680 5500 RemoteRegistry - ok
00:32:49.0746 5500 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
00:32:49.0752 5500 RoxioNow Service - ok
00:32:49.0770 5500 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:32:49.0772 5500 RpcEptMapper - ok
00:32:49.0791 5500 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:32:49.0792 5500 RpcLocator - ok
00:32:49.0836 5500 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
00:32:49.0847 5500 RpcSs - ok
00:32:49.0897 5500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:32:49.0899 5500 rspndr - ok
00:32:49.0935 5500 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:32:49.0938 5500 RTL8167 - ok
00:32:56.0384 5500 MBR (0x1B8) (12aa7b560dd722627fb3d07c8e9cda75) \Device\Harddisk0\DR0
00:32:56.0759 5500 \Device\Harddisk0\DR0 - ok
00:32:56.0765 5500 Boot (0x1200) (ed80b8c94fe0d998cd0568c130c7e467) \Device\Harddisk0\DR0\Partition0
00:32:56.0768 5500 \Device\Harddisk0\DR0\Partition0 - ok
00:32:56.0775 5500 Boot (0x1200) (00f9d6e247c8a11d33728a429e58a5c1) \Device\Harddisk0\DR0\Partition1
00:32:56.0777 5500 \Device\Harddisk0\DR0\Partition1 - ok
00:32:56.0802 5500 Boot (0x1200) (7a004365763a27f19e6e96324f11de36) \Device\Harddisk0\DR0\Partition2
00:32:56.0804 5500 \Device\Harddisk0\DR0\Partition2 - ok
00:32:56.0804 5500 ============================================================
00:32:56.0804 5500 Scan finished
00:32:56.0804 5500 ============================================================
00:32:56.0814 5044 Detected object count: 0
00:32:56.0814 5044 Actual detected object count: 0

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 00:34:44
-----------------------------
00:34:44.348 OS Version: Windows x64 6.1.7601 Service Pack 1
00:34:44.348 Number of processors: 4 586 0xA00
00:34:44.349 ComputerName: JAMES-HP UserName: James
00:34:47.696 Initialize success
00:36:04.659 AVAST engine defs: 12073100
00:36:56.678 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
00:36:56.683 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
00:36:56.698 Disk 0 MBR read successfully
00:36:56.703 Disk 0 MBR scan
00:36:56.712 Disk 0 unknown MBR code
00:36:56.720 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:36:56.737 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942354 MB offset 206848
00:36:56.781 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11413 MB offset 1930147840
00:36:56.833 Disk 0 scanning C:\Windows\system32\drivers
00:37:04.481 Service scanning
00:37:24.275 Modules scanning
00:37:24.293 Disk 0 trace - called modules:
00:37:24.313 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
00:37:24.325 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e02790]
00:37:24.337 3 CLASSPNP.SYS[fffff88001b8d43f] -> nt!IofCallDriver -> [0xfffffa8005d09ac0]
00:37:24.347 5 amd_xata.sys[fffff88000eda8b4] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8005d029c0]
00:37:26.243 AVAST engine scan C:\Windows
00:37:30.019 AVAST engine scan C:\Windows\system32
00:39:42.367 AVAST engine scan C:\Windows\system32\drivers
00:39:55.967 AVAST engine scan C:\Users\James
00:48:48.900 AVAST engine scan C:\ProgramData
00:50:34.165 Scan finished successfully
01:16:59.158 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
01:16:59.162 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

#6 gringo_pr

Posted 31 July 2012 - 01:22 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1jbcd7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 02 August 2012 - 11:27 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8 Venoch


Posted 04 August 2012 - 01:52 PM

Hi! I have been gone for a few days and in my absence I think I've become infected again! I haven't followed the previous instructions and Malwarebytes says I am infected with "Trojan.Agent"! And my computer is running incredibly slow and oftentimes I can't connect to the internet.

#9 gringo_pr


Posted 04 August 2012 - 03:11 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 Venoch


Posted 04 August 2012 - 05:16 PM

ComboFix 12-08-04.02 - James 08/04/2012 16:26:50.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4436 [GMT -5:00]
Running from: c:\users\James\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM121.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM151.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM1E0.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM230.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM270.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM32D.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM35E.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM3AE.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM40E.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM47D.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM4EC.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM55B.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM5AB.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM5CD.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM61D.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM64D.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM6BE.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM6CF.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM6E1.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEM6F2.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMAF.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMD1.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMF93C.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMF93E.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMF950.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMF961.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMF9E0.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMF9F2.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFA42.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFA82.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFB01.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFB32.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFB91.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFBB2.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFBE3.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFC91.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFCB2.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFCD3.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFCE5.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFCF6.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFE50.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFE71.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFEC1.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFED2.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFF92.tmp
c:\users\James\AppData\Local\Temp\XTMP1MC3VE\DEMFFD3.tmp
c:\users\James\AppData\Local\Temp\YTMP7MC8AA\TAAFF80.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 21:34 . 2012-08-04 21:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-04 21:34 . 2012-08-04 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 18:51 . 2012-08-04 18:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F711571-C99B-4F74-BE96-E20A5E37DC0A}\offreg.dll
2012-08-04 05:00 . 2012-08-04 05:00 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\A445.tmp
2012-08-04 05:00 . 2012-08-04 05:00 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\A444.tmp
2012-07-31 07:55 . 2012-07-31 07:55 -------- d-----w- c:\users\James\AppData\Local\ManyCam
2012-07-31 07:55 . 2012-07-31 07:55 -------- d-----w- c:\programdata\ManyCam
2012-07-31 07:55 . 2012-07-31 07:55 -------- d-----w- c:\users\James\AppData\Roaming\ManyCam
2012-07-31 07:55 . 2012-07-31 07:55 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-31 07:54 . 2012-07-31 07:54 -------- d-----w- c:\users\James\AppData\Local\APN
2012-07-31 07:54 . 2012-07-31 07:55 -------- d-----w- c:\program files (x86)\ManyCam
2012-07-31 07:54 . 2012-07-31 07:54 -------- d-----w- c:\programdata\Ask
2012-07-23 06:09 . 2012-07-23 06:09 -------- d-----w- c:\users\James\.stencylworks
2012-07-23 05:59 . 2012-07-23 05:59 -------- d-----w- C:\_OTL
2012-07-21 08:17 . 2012-07-21 08:17 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes
2012-07-21 08:17 . 2012-07-21 08:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-21 08:17 . 2012-07-21 08:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 08:17 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 18:43 . 2012-07-19 18:43 -------- d-----w- c:\users\James\AppData\Roaming\Tific
2012-07-19 18:43 . 2012-07-19 18:43 -------- d-----w- c:\users\James\AppData\Local\Symantec
2012-07-19 07:23 . 2012-07-19 07:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 02:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F711571-C99B-4F74-BE96-E20A5E37DC0A}\mpengine.dll
2012-07-11 06:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 02:57 . 2012-06-13 02:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 02:57 . 2011-08-18 01:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 06:28 . 2011-09-16 00:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-04 20:35 . 2012-07-04 20:35 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-27 16:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 16:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 16:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 16:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 16:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 16:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 16:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-27 16:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-27 16:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 22:40 . 2012-05-18 22:40 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 04:01 . 2012-06-14 02:49 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 02:49 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 02:49 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-04_07.45.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-04 20:03 . 2012-08-04 20:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2012-07-19 07:40 . 2012-08-04 18:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-19 07:40 . 2012-08-04 05:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-04 19:29 . 2012-08-04 20:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012080420120805\index.dat
+ 2012-08-04 19:29 . 2012-08-04 18:50 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072320120730\index.dat
- 2012-07-19 07:23 . 2012-08-04 05:02 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-19 07:23 . 2012-08-04 21:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-08-04 18:50 51758 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 21:24 36298 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-04 07:45 36298 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-18 03:27 . 2012-08-04 21:24 20764 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3851693690-3446655048-1488436680-1000_UserData.bin
+ 2011-02-11 19:25 . 2012-08-04 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-08-03 20:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-25 16:33 . 2012-08-03 20:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-25 16:33 . 2012-08-04 18:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-03 20:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-04 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-18 00:49 . 2012-08-04 21:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-18 00:49 . 2012-08-04 07:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-18 00:49 . 2012-08-04 07:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-18 00:49 . 2012-08-04 21:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-18 00:49 . 2012-08-04 21:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-18 00:49 . 2012-08-04 07:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-18 03:21 . 2012-08-04 21:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-18 03:21 . 2012-08-04 07:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-18 03:21 . 2012-08-04 07:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-18 03:21 . 2012-08-04 21:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-04 20:03 . 2012-08-04 20:03 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6C834975-DE6F-11E1-998C-2C27D72265CA}.dat
+ 2012-08-04 20:03 . 2012-08-04 20:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6C834976-DE6F-11E1-998C-2C27D72265CA}.dat
+ 2012-08-04 21:35 . 2012-08-04 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-04 07:43 . 2012-08-04 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 21:35 . 2012-08-04 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 07:43 . 2012-08-04 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-16 23:01 . 2012-08-04 21:36 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-16 23:01 . 2012-08-04 05:02 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-27 21:32 . 2012-08-04 07:44 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-27 21:32 . 2012-08-04 21:36 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 18:41 . 2012-08-04 22:03 359254 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2012-08-04 21:34 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-04 07:42 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-04 21:36 4145152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-04 21:36 1196032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-04 07:44 1196032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-18 03:24 . 2012-08-04 08:04 2833208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-18 03:24 . 2012-08-04 07:42 2833208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-18 03:24 . 2012-08-04 07:42 38458428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3851693690-3446655048-1488436680-1000-8192.dat
+ 2011-08-18 03:24 . 2012-08-04 21:34 38458428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3851693690-3446655048-1488436680-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 02:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"SanDiskSecureAccess_Manager.exe"="c:\users\James\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-08-24 27306624]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Facebook Update"="c:\users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Spotify"="c:\users\James\AppData\Roaming\Spotify\spotify.exe" [2012-06-04 9478320]
"Spotify Web Helper"="c:\users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-04 932528]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-06-28 2160024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-27 336384]
"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-17 0]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WPN111 Configuration Utility\WPN111.exe [2011-10-20 491606]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-19 1255736]
R3 X6va005;X6va005;c:\users\James\AppData\Local\Temp\005B8DE.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111015.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-26 237056]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-06-27 365568]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-26 11172864]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-26 339456]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 136824]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [2008-08-05 1075712]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 02:57]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000Core.job
- c:\users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-03 22:00]
.
2012-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000UA.job
- c:\users\James\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-03 22:00]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 05:27]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 05:27]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 18:55]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3851693690-3446655048-1488436680-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 18:55]
.
2012-07-14 c:\windows\Tasks\HPCeeScheduleForJames.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{54A62299-AEA5-44C9-8F0E-8641A671B526}\157756374784: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1jbcd7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.equestriadaily.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\James\AppData\Local\Temp\005B8DE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-08-04 17:06:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 22:06
ComboFix2.txt 2012-08-04 07:50
ComboFix3.txt 2012-07-29 20:19
.
Pre-Run: 842,116,546,560 bytes free
Post-Run: 842,010,570,752 bytes free
.
- - End Of File - - 398F8ED2FA7C2B52B0223A1615B21681



Okay, here is the log from the successful attempt. When I first ran Combofix, my computer froze at Stage_5, so I ran it again and got the above log. I just ran a MalwareBytes Anti-Malware scan and it says Trojan.Agent is still there.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 PM

Posted 04 August 2012 - 05:22 PM

I want you to rerun these again. Don't run any other scans until I ask you to, please.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Venoch


Posted 04 August 2012 - 05:23 PM

Okay, should I download those scans again or should I delete the ones I downloaded before?

#13 gringo_pr


Posted 04 August 2012 - 05:24 PM

Go ahead and download new ones (just in case it has been updated).



Gringo

#14 Venoch


Posted 04 August 2012 - 05:46 PM

17:25:00.0235 0936 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:25:00.0661 0936 ============================================================
17:25:00.0661 0936 Current date / time: 2012/08/04 17:25:00.0661
17:25:00.0661 0936 SystemInfo:
17:25:00.0661 0936
17:25:00.0661 0936 OS Version: 6.1.7601 ServicePack: 1.0
17:25:00.0661 0936 Product type: Workstation
17:25:00.0661 0936 ComputerName: JAMES-HP
17:25:00.0662 0936 UserName: James
17:25:00.0662 0936 Windows directory: C:\Windows
17:25:00.0662 0936 System windows directory: C:\Windows
17:25:00.0662 0936 Running under WOW64
17:25:00.0662 0936 Processor architecture: Intel x64
17:25:00.0662 0936 Number of processors: 4
17:25:00.0662 0936 Page size: 0x1000
17:25:00.0662 0936 Boot type: Normal boot
17:25:00.0662 0936 ============================================================
17:25:01.0958 0936 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:01.0978 0936 ============================================================
17:25:01.0978 0936 \Device\Harddisk0\DR0:
17:25:01.0978 0936 MBR partitions:
17:25:01.0978 0936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:25:01.0978 0936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73089000
17:25:01.0978 0936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730BB800, BlocksNum 0x164A800
17:25:01.0978 0936 ============================================================
17:25:02.0000 0936 C: <-> \Device\Harddisk0\DR0\Partition1
17:25:02.0054 0936 D: <-> \Device\Harddisk0\DR0\Partition2
17:25:02.0054 0936 ============================================================
17:25:02.0054 0936 Initialize success
17:25:02.0054 0936 ============================================================
17:25:42.0401 1860 ============================================================
17:25:42.0401 1860 Scan started
17:25:42.0401 1860 Mode: Manual;
17:25:42.0401 1860 ============================================================
17:25:43.0431 1860 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:25:43.0434 1860 1394ohci - ok
17:25:43.0462 1860 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:25:43.0466 1860 ACPI - ok
17:25:43.0475 1860 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:25:43.0476 1860 AcpiPmi - ok
17:25:43.0577 1860 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:25:43.0579 1860 AdobeARMservice - ok
17:25:43.0705 1860 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:25:43.0706 1860 AdobeFlashPlayerUpdateSvc - ok
17:25:43.0772 1860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:25:43.0783 1860 adp94xx - ok
17:25:43.0835 1860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:25:43.0843 1860 adpahci - ok
17:25:43.0876 1860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:25:43.0881 1860 adpu320 - ok
17:25:43.0907 1860 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:25:43.0909 1860 AeLookupSvc - ok
17:25:43.0972 1860 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:25:43.0979 1860 AFD - ok
17:25:44.0009 1860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:25:44.0010 1860 agp440 - ok
17:25:44.0034 1860 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:25:44.0036 1860 ALG - ok
17:25:44.0075 1860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:25:44.0076 1860 aliide - ok
17:25:44.0119 1860 AMD External Events Utility (c9a5a02cb76b35a78404f6d4101163f9) C:\Windows\system32\atiesrxx.exe
17:25:44.0123 1860 AMD External Events Utility - ok
17:25:44.0182 1860 AMD FUEL Service - ok
17:25:44.0194 1860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:25:44.0195 1860 amdide - ok
17:25:44.0218 1860 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
17:25:44.0219 1860 amdiox64 - ok
17:25:44.0235 1860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:25:44.0237 1860 AmdK8 - ok
17:25:44.0876 1860 amdkmdag (5f62e6cfd4fea8d19110bdeb423bf510) C:\Windows\system32\DRIVERS\atikmdag.sys
17:25:45.0018 1860 amdkmdag - ok
17:25:45.0141 1860 amdkmdap (d93655ec3ca48fcbffd9d4e6df63737f) C:\Windows\system32\DRIVERS\atikmpag.sys
17:25:45.0144 1860 amdkmdap - ok
17:25:45.0173 1860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:25:45.0173 1860 AmdPPM - ok
17:25:45.0205 1860 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:25:58.0702 1860 RpcSs - ok
17:25:58.0753 1860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:25:58.0755 1860 rspndr - ok
17:25:58.0799 1860 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:25:58.0802 1860 RTL8167 - ok
17:25:58.0823 1860 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:25:58.0825 1860 SamSs - ok
17:25:58.0849 1860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:25:58.0851 1860 sbp2port - ok
17:25:58.0890 1860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:25:58.0895 1860 SCardSvr - ok
17:25:58.0910 1860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:25:58.0911 1860 scfilter - ok
17:25:58.0982 1860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:25:58.0998 1860 Schedule - ok
17:25:59.0017 1860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:25:59.0018 1860 SCPolicySvc - ok
17:25:59.0036 1860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:25:59.0040 1860 SDRSVC - ok
17:25:59.0095 1860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:25:59.0096 1860 secdrv - ok
17:25:59.0115 1860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:25:59.0117 1860 seclogon - ok
17:25:59.0133 1860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:25:59.0136 1860 SENS - ok
17:25:59.0162 1860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:25:59.0165 1860 SensrSvc - ok
17:25:59.0228 1860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:25:59.0230 1860 Serenum - ok
17:25:59.0249 1860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:25:59.0252 1860 Serial - ok
17:25:59.0279 1860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:25:59.0280 1860 sermouse - ok
17:25:59.0312 1860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:25:59.0316 1860 SessionEnv - ok
17:25:59.0339 1860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:25:59.0340 1860 sffdisk - ok
17:25:59.0350 1860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:25:59.0351 1860 sffp_mmc - ok
17:25:59.0360 1860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:25:59.0361 1860 sffp_sd - ok
17:25:59.0372 1860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:25:59.0373 1860 sfloppy - ok
17:25:59.0453 1860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:25:59.0458 1860 SharedAccess - ok
17:25:59.0508 1860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:25:59.0518 1860 ShellHWDetection - ok
17:25:59.0544 1860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:25:59.0546 1860 SiSRaid2 - ok
17:25:59.0568 1860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:25:59.0570 1860 SiSRaid4 - ok
17:25:59.0607 1860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:25:59.0609 1860 Smb - ok
17:25:59.0634 1860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:25:59.0637 1860 SNMPTRAP - ok
17:25:59.0648 1860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:25:59.0649 1860 spldr - ok
17:25:59.0688 1860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:25:59.0697 1860 Spooler - ok
17:25:59.0899 1860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:25:59.0924 1860 sppsvc - ok
17:25:59.0987 1860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:25:59.0992 1860 sppuinotify - ok
17:26:00.0114 1860 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
17:26:00.0121 1860 SRTSP - ok
17:26:00.0132 1860 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
17:26:00.0132 1860 SRTSPX - ok
17:26:00.0186 1860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:26:00.0190 1860 srv - ok
17:26:00.0213 1860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:26:00.0217 1860 srv2 - ok
17:26:00.0245 1860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:26:00.0247 1860 srvnet - ok
17:26:00.0278 1860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:26:00.0281 1860 SSDPSRV - ok
17:26:00.0296 1860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:26:00.0298 1860 SstpSvc - ok
17:26:00.0344 1860 Steam Client Service - ok
17:26:00.0373 1860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:26:00.0375 1860 stexstor - ok
17:26:00.0443 1860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:26:00.0452 1860 stisvc - ok
17:26:00.0469 1860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:26:00.0470 1860 swenum - ok
17:26:00.0525 1860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:26:00.0539 1860 swprv - ok
17:26:00.0625 1860 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
17:26:00.0634 1860 SymDS - ok
17:26:00.0698 1860 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
17:26:00.0709 1860 SymEFA - ok
17:26:00.0737 1860 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:26:00.0739 1860 SymEvent - ok
17:26:00.0773 1860 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
17:26:00.0774 1860 SymIM - ok
17:26:00.0794 1860 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
17:26:00.0796 1860 SymIRON - ok
17:26:00.0826 1860 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
17:26:00.0829 1860 SymNetS - ok
17:26:00.0930 1860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:26:00.0947 1860 SysMain - ok
17:26:01.0013 1860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:26:01.0016 1860 TabletInputService - ok
17:26:01.0037 1860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:26:01.0040 1860 TapiSrv - ok
17:26:01.0051 1860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:26:01.0053 1860 TBS - ok
17:26:01.0190 1860 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:26:01.0210 1860 Tcpip - ok
17:26:01.0368 1860 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:26:01.0379 1860 TCPIP6 - ok
17:26:01.0466 1860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:26:01.0468 1860 tcpipreg - ok
17:26:01.0488 1860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:26:01.0491 1860 TDPIPE - ok
17:26:01.0524 1860 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:26:01.0526 1860 TDTCP - ok
17:26:01.0570 1860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:26:01.0574 1860 tdx - ok
17:26:01.0612 1860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:26:01.0614 1860 TermDD - ok
17:26:01.0677 1860 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:26:01.0688 1860 TermService - ok
17:26:01.0704 1860 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:26:01.0707 1860 Themes - ok
17:26:01.0730 1860 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:26:01.0732 1860 THREADORDER - ok
17:26:01.0750 1860 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:26:01.0753 1860 TrkWks - ok
17:26:01.0785 1860 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:26:01.0787 1860 TrustedInstaller - ok
17:26:01.0810 1860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:26:01.0812 1860 tssecsrv - ok
17:26:01.0826 1860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:26:01.0828 1860 TsUsbFlt - ok
17:26:01.0848 1860 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:26:01.0849 1860 TsUsbGD - ok
17:26:01.0884 1860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:26:01.0886 1860 tunnel - ok
17:26:01.0911 1860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:26:01.0913 1860 uagp35 - ok
17:26:01.0943 1860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:26:01.0948 1860 udfs - ok
17:26:01.0976 1860 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:26:01.0979 1860 UI0Detect - ok
17:26:01.0997 1860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:26:01.0999 1860 uliagpkx - ok
17:26:02.0015 1860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:26:02.0017 1860 umbus - ok
17:26:02.0025 1860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:26:02.0027 1860 UmPass - ok
17:26:02.0062 1860 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:26:02.0068 1860 upnphost - ok
17:26:02.0106 1860 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys
17:26:02.0107 1860 usbbus - ok
17:26:02.0139 1860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:26:02.0142 1860 usbccgp - ok
17:26:02.0182 1860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:26:02.0185 1860 usbcir - ok
17:26:02.0210 1860 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys
17:26:02.0212 1860 UsbDiag - ok
17:26:02.0237 1860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:26:02.0239 1860 usbehci - ok
17:26:02.0263 1860 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
17:26:02.0265 1860 usbfilter - ok
17:26:02.0313 1860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:26:02.0320 1860 usbhub - ok
17:26:02.0350 1860 USBModem (79fa7a22b0f6f0082f640cbc82a00fce) C:\Windows\system32\DRIVERS\lgx64modem.sys
17:26:02.0352 1860 USBModem - ok
17:26:02.0370 1860 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:26:02.0371 1860 usbohci - ok
17:26:02.0390 1860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:26:02.0391 1860 usbprint - ok
17:26:02.0408 1860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:26:02.0409 1860 USBSTOR - ok
17:26:02.0426 1860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:26:02.0427 1860 usbuhci - ok
17:26:02.0452 1860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:26:02.0454 1860 UxSms - ok
17:26:02.0482 1860 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:26:02.0484 1860 VaultSvc - ok
17:26:02.0513 1860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:26:02.0514 1860 vdrvroot - ok
17:26:02.0554 1860 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:26:02.0564 1860 vds - ok
17:26:02.0587 1860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:26:02.0588 1860 vga - ok
17:26:02.0594 1860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:26:02.0595 1860 VgaSave - ok
17:26:02.0630 1860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:26:02.0633 1860 vhdmp - ok
17:26:02.0653 1860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:26:02.0654 1860 viaide - ok
17:26:02.0674 1860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:26:02.0675 1860 volmgr - ok
17:26:02.0703 1860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:26:02.0708 1860 volmgrx - ok
17:26:02.0732 1860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:26:02.0736 1860 volsnap - ok
17:26:02.0773 1860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:26:02.0776 1860 vsmraid - ok
17:26:02.0883 1860 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:26:02.0906 1860 VSS - ok
17:26:02.0995 1860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:26:02.0997 1860 vwifibus - ok
17:26:03.0037 1860 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:26:03.0044 1860 W32Time - ok
17:26:03.0061 1860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:26:03.0062 1860 WacomPen - ok
17:26:03.0095 1860 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:26:03.0098 1860 WANARP - ok
17:26:03.0105 1860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:26:03.0107 1860 Wanarpv6 - ok
17:26:03.0219 1860 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:26:03.0236 1860 WatAdminSvc - ok
17:26:03.0337 1860 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:26:03.0358 1860 wbengine - ok
17:26:03.0454 1860 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:26:03.0459 1860 WbioSrvc - ok
17:26:03.0494 1860 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:26:03.0501 1860 wcncsvc - ok
17:26:03.0513 1860 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:26:03.0516 1860 WcsPlugInService - ok
17:26:03.0547 1860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:26:03.0548 1860 Wd - ok
17:26:03.0595 1860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:26:03.0608 1860 Wdf01000 - ok
17:26:03.0626 1860 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:26:03.0629 1860 WdiServiceHost - ok
17:26:03.0633 1860 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:26:03.0636 1860 WdiSystemHost - ok
17:26:03.0671 1860 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:26:03.0676 1860 WebClient - ok
17:26:03.0697 1860 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:26:03.0702 1860 Wecsvc - ok
17:26:03.0718 1860 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:26:03.0721 1860 wercplsupport - ok
17:26:03.0740 1860 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:26:03.0743 1860 WerSvc - ok
17:26:03.0794 1860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:26:03.0795 1860 WfpLwf - ok
17:26:03.0815 1860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:26:03.0816 1860 WIMMount - ok
17:26:03.0843 1860 WinDefend - ok
17:26:03.0853 1860 WinHttpAutoProxySvc - ok
17:26:03.0904 1860 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:26:03.0907 1860 Winmgmt - ok
17:26:04.0033 1860 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:26:04.0059 1860 WinRM - ok
17:26:04.0193 1860 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:26:04.0209 1860 Wlansvc - ok
17:26:04.0270 1860 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:26:04.0272 1860 wlcrasvc - ok
17:26:04.0479 1860 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:26:04.0492 1860 wlidsvc - ok
17:26:04.0577 1860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:26:04.0578 1860 WmiAcpi - ok
17:26:04.0642 1860 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:26:04.0645 1860 wmiApSrv - ok
17:26:04.0675 1860 WMPNetworkSvc - ok
17:26:04.0698 1860 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:26:04.0701 1860 WPCSvc - ok
17:26:04.0713 1860 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:26:04.0717 1860 WPDBusEnum - ok
17:26:04.0808 1860 WPN111 (788914c42ad8318f1dd7a565eaffb049) C:\Windows\system32\DRIVERS\WPN111vx.sys
17:26:04.0823 1860 WPN111 - ok
17:26:04.0846 1860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:26:04.0847 1860 ws2ifsl - ok
17:26:04.0870 1860 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:26:04.0873 1860 wscsvc - ok
17:26:04.0877 1860 WSearch - ok
17:26:05.0048 1860 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:26:05.0082 1860 wuauserv - ok
17:26:05.0161 1860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:26:05.0163 1860 WudfPf - ok
17:26:05.0199 1860 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:26:05.0202 1860 WUDFRd - ok
17:26:05.0233 1860 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:26:05.0236 1860 wudfsvc - ok
17:26:05.0257 1860 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:26:05.0262 1860 WwanSvc - ok
17:26:05.0364 1860 X6va005 - ok
17:26:05.0440 1860 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
17:26:05.0441 1860 xusb21 - ok
17:26:05.0466 1860 MBR (0x1B8) (12aa7b560dd722627fb3d07c8e9cda75) \Device\Harddisk0\DR0
17:26:05.0521 1860 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:26:05.0521 1860 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:26:05.0529 1860 Boot (0x1200) (ed80b8c94fe0d998cd0568c130c7e467) \Device\Harddisk0\DR0\Partition0
17:26:05.0532 1860 \Device\Harddisk0\DR0\Partition0 - ok
17:26:05.0539 1860 Boot (0x1200) (00f9d6e247c8a11d33728a429e58a5c1) \Device\Harddisk0\DR0\Partition1
17:26:05.0542 1860 \Device\Harddisk0\DR0\Partition1 - ok
17:26:05.0558 1860 Boot (0x1200) (7a004365763a27f19e6e96324f11de36) \Device\Harddisk0\DR0\Partition2
17:26:05.0560 1860 \Device\Harddisk0\DR0\Partition2 - ok
17:26:05.0560 1860 ============================================================
17:26:05.0560 1860 Scan finished
17:26:05.0560 1860 ============================================================
17:26:05.0570 2372 Detected object count: 1
17:26:05.0570 2372 Actual detected object count: 1
17:26:18.0623 2372 \Device\Harddisk0\DR0\# - copied to quarantine
17:26:18.0623 2372 \Device\Harddisk0\DR0 - copied to quarantine
17:26:18.0661 2372 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:26:18.0663 2372 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:26:18.0667 2372 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:26:18.0673 2372 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:26:18.0688 2372 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:26:18.0698 2372 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:26:18.0699 2372 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:26:18.0700 2372 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:26:18.0702 2372 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:26:18.0704 2372 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:26:18.0706 2372 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:26:18.0708 2372 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:26:18.0709 2372 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:26:18.0711 2372 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:26:18.0843 2372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:26:18.0867 2372 \Device\Harddisk0\DR0 - ok
17:26:19.0166 2372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:26:27.0461 5284 Deinitialize success







aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 17:32:12
-----------------------------
17:32:12.522 OS Version: Windows x64 6.1.7601 Service Pack 1
17:32:12.522 Number of processors: 4 586 0xA00
17:32:12.522 ComputerName: JAMES-HP UserName: James
17:32:15.143 Initialize success
17:34:18.559 AVAST engine defs: 12080401
17:34:29.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
17:34:29.261 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
17:34:29.261 Disk 0 MBR read successfully
17:34:29.276 Disk 0 MBR scan
17:34:29.276 Disk 0 unknown MBR code
17:34:29.292 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:34:29.308 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942354 MB offset 206848
17:34:29.354 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11413 MB offset 1930147840
17:34:29.401 Disk 0 scanning C:\Windows\system32\drivers
17:34:37.108 Service scanning
17:34:56.904 Modules scanning
17:34:56.920 Disk 0 trace - called modules:
17:34:56.998 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
17:34:57.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e01790]
17:34:57.029 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8005d27ac0]
17:34:57.029 5 amd_xata.sys[fffff88000c648b4] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8005d209c0]
17:34:59.197 AVAST engine scan C:\Windows
17:35:03.191 AVAST engine scan C:\Windows\system32
17:37:03.373 AVAST engine scan C:\Windows\system32\drivers
17:37:17.772 AVAST engine scan C:\Users\James
17:42:55.404 AVAST engine scan C:\ProgramData
17:44:16.602 Scan finished successfully
17:44:48.426 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
17:44:48.441 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

#15 gringo_pr

Posted 04 August 2012 - 06:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
