Infected with dropper.generic_c.mmi


  • This topic is locked
35 replies to this topic

#1 zindoz

zindoz

  • Members
  • 14 posts

Posted 30 July 2012 - 10:02 PM

Hi,

I think I am infected by dropper.generic_c.mmi. I have AVG installed on my computer and it opens a pop up every 3 minutes saying: "Threat detected! File name: c:/Windows/System32/Services.exe. Threat name: Trojan horse dropper.generic_c.mmi. Detected on open".

Apparently it can not remove it. I tried to follow some guide online and so far nothing has worked. Please help me.

Thank you so much for your help

Please find below my DDS log.

Kind regards,
Bertrand

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Bertrand at 22:51:42 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1156 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5E86E154-4668-405C-BA16-270217197F39} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5E86E154-4668-405C-BA16-270217197F39}\14143383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5E86E154-4668-405C-BA16-270217197F39}\2456C6B696E6F5E4B2F5445313432383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E86E154-4668-405C-BA16-270217197F39}\3716E6364757162797D23613 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5E86E154-4668-405C-BA16-270217197F39}\546716E67656C6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E86E154-4668-405C-BA16-270217197F39}\9556C6C6F67784F6273756D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bertrand\AppData\Roaming\Mozilla\Firefox\Profiles\zg0qmtrg.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-20 1160824]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120420.001\IDSviA64.sys [2012-4-21 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-11 352848]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-6-30 873064]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-28 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-29 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-31 00:49:36 -------- d-----w- C:\Users\Bertrand\AppData\Roaming\Tific
2012-07-31 00:49:33 -------- d-----w- C:\Users\Bertrand\AppData\Local\Symantec
2012-07-31 00:20:37 -------- d-----w- C:\Users\Bertrand\AppData\Roaming\AVG2012
2012-07-30 04:56:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-30 04:55:47 -------- d--h--w- C:\$AVG
2012-07-30 04:55:47 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-30 04:55:47 -------- d-----w- C:\ProgramData\AVG2012
2012-07-30 04:54:55 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-30 04:52:46 -------- d--h--w- C:\ProgramData\Common Files
2012-07-30 04:52:46 -------- d-----w- C:\ProgramData\MFAData
2012-07-30 03:57:06 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-29 23:07:07 9230024 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-29 18:43:52 -------- d-----w- C:\Users\Bertrand\AppData\Local\Macromedia
2012-07-29 18:43:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-28 01:04:40 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ECCB0D64-3EF1-44DC-ADC7-31559F5F3CD1}\mpengine.dll
2012-07-12 00:14:19 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 00:15:38 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-10 00:06:14 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-10 00:06:14 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-29 23:07:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 August 2012 - 12:25 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 zindoz

zindoz
  • Topic Starter

  • Members
  • 14 posts

Posted 05 August 2012 - 10:33 PM

Hello Gringo,

Thank you so much for your help.

I did everything as instructed. I had a few problems with Combofix. I turned off all the antivirus but combofix still detected AVG as being still active. I was unable to disable it at this time so I just ran combofix. It went through 50 phases and deleted 8 to 10 files and then was stuck. After 30 minutes, I closed the window and tried internet, I had the error message "Illegal operation attempted on a registry key that has been marked for deletion", so I restarted.

Now my computer is faster and I don't have the notification from AVG anymore: "Threat detected! File name: c:/Windows/System32/Services.exe. Threat name: Trojan horse dropper.generic_c.mmi. Detected on open".

I am sorry, as Combofix didn't finish, it didn't create any log. Do you think the problem is fixed or should I run it again?

Thank you so much for your precious help, gringo

Cheers,
Bertrand

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 10:39 PM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#5 zindoz

zindoz
  • Topic Starter

  • Members
  • 14 posts

Posted 05 August 2012 - 11:39 PM

Hi gringo,

Thanks for your prompt answer

I ran combofix in safe mode but missed the reboot, so it prepared the log in windows. Here it is.

Thank you
Bertrand


ComboFix 12-08-05.02 - Bertrand 08/06/2012 0:07.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2565 [GMT -4:00]
Running from: c:\users\Bertrand\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\@
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\L\00000004.@
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\L\201d3dde
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\U\00000004.@
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\U\00000008.@
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\U\000000cb.@
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\U\80000000.@
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\U\80000032.@
c:\windows\Installer\{ffebe115-9f3b-e15d-5b37-2e45d95699bd}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 04:14 . 2012-08-06 04:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 02:06 . 2012-08-03 02:06 -------- d-----w- c:\program files\iPod
2012-08-03 02:06 . 2012-08-03 02:07 -------- d-----w- c:\program files\iTunes
2012-08-03 02:06 . 2012-08-03 02:07 -------- d-----w- c:\program files (x86)\iTunes
2012-07-31 00:49 . 2012-07-31 00:49 -------- d-----w- c:\users\Bertrand\AppData\Roaming\Tific
2012-07-31 00:49 . 2012-07-31 00:49 -------- d-----w- c:\users\Bertrand\AppData\Local\Symantec
2012-07-31 00:20 . 2012-07-31 00:20 -------- d-----w- c:\users\Bertrand\AppData\Roaming\AVG2012
2012-07-30 04:56 . 2012-07-31 02:11 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-30 04:55 . 2012-08-06 01:13 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-30 04:55 . 2012-07-31 00:35 -------- d-----w- c:\programdata\AVG2012
2012-07-30 04:55 . 2012-07-30 04:55 -------- d-----w- C:\$AVG
2012-07-30 04:54 . 2012-07-30 04:54 -------- d-----w- c:\program files (x86)\AVG
2012-07-30 04:52 . 2012-08-06 01:13 -------- d-----w- c:\programdata\MFAData
2012-07-30 04:52 . 2012-07-30 04:52 -------- d--h--w- c:\programdata\Common Files
2012-07-30 03:57 . 2012-07-30 03:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-29 18:43 . 2012-07-29 18:43 -------- d-----w- c:\users\Bertrand\AppData\Local\Macromedia
2012-07-29 18:43 . 2012-08-06 02:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 01:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECCB0D64-3EF1-44DC-ADC7-31559F5F3CD1}\mpengine.dll
2012-07-12 00:14 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 00:06 . 2012-07-10 00:06 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-10 00:06 . 2012-07-10 00:06 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 02:07 . 2011-12-06 04:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 00:11 . 2012-02-29 07:00 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 00:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 00:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 00:09 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 00:09 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 00:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 00:09 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 00:09 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 00:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 00:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-31 1092688]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-25 336384]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-24 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-03-01 1142376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-18 279616]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120420.001\IDSvia64.sys [2012-04-13 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 204288]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-03-09 257344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 9257472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-29 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 02:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-02-23 1796200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bertrand\AppData\Roaming\Mozilla\Firefox\Profiles\zg0qmtrg.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
.
**************************************************************************
.
Completion time: 2012-08-06 00:29:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 04:29
.
Pre-Run: 517,063,712,768 bytes free
Post-Run: 516,895,150,080 bytes free

#6 gringo_pr


Posted 06 August 2012 - 01:14 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr


Posted 08 August 2012 - 11:17 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8 zindoz


Posted 09 August 2012 - 12:03 AM

Hi Gringo,

I am sorry, I missed your last post. I am out of town right now till the end of the week but will finish the procedure on Monday as instructed.

Thanks for your precious help

Cheers,
Z

#9 gringo_pr


Posted 09 August 2012 - 09:23 AM

No problem, and I will see you then.


gringo

#10 gringo_pr


Posted 16 August 2012 - 09:36 AM

How are you coming with this?


gringo

#11 zindoz


Posted 19 August 2012 - 02:02 PM

Hello Gringo,

Please find below the 2 logs

Thank you

Bertrand

14:53:57.0695 1376 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:53:58.0765 1376 ============================================================
14:53:58.0765 1376 Current date / time: 2012/08/19 14:53:58.0765
14:53:58.0765 1376 SystemInfo:
14:53:58.0765 1376
14:53:58.0765 1376 OS Version: 6.1.7601 ServicePack: 1.0
14:53:58.0765 1376 Product type: Workstation
14:53:58.0765 1376 ComputerName: BERTRAND-PC
14:53:58.0765 1376 UserName: Bertrand
14:53:58.0765 1376 Windows directory: C:\Windows
14:53:58.0765 1376 System windows directory: C:\Windows
14:53:58.0765 1376 Running under WOW64
14:53:58.0765 1376 Processor architecture: Intel x64
14:53:58.0765 1376 Number of processors: 4
14:53:58.0765 1376 Page size: 0x1000
14:53:58.0765 1376 Boot type: Normal boot
14:53:58.0775 1376 ============================================================
14:54:00.0333 1376 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:54:00.0349 1376 Drive \Device\Harddisk1\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:54:00.0380 1376 ============================================================
14:54:00.0380 1376 \Device\Harddisk0\DR0:
14:54:00.0380 1376 MBR partitions:
14:54:00.0380 1376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
14:54:00.0380 1376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x48825000
14:54:00.0380 1376 \Device\Harddisk1\DR2:
14:54:00.0380 1376 MBR partitions:
14:54:00.0380 1376 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
14:54:00.0380 1376 ============================================================
14:54:00.0427 1376 C: <-> \Device\Harddisk0\DR0\Partition2
14:54:00.0427 1376 ============================================================
14:54:00.0427 1376 Initialize success
14:54:00.0427 1376 ============================================================
14:54:15.0699 19888 ============================================================
14:54:15.0699 19888 Scan started
14:54:15.0699 19888 Mode: Manual;
14:54:15.0699 19888 ============================================================
14:54:16.0635 19888 ================ Scan services =============================
14:54:16.0885 19888 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:54:16.0900 19888 1394ohci - ok
14:54:16.0931 19888 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:54:16.0947 19888 ACPI - ok
14:54:16.0947 19888 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:54:16.0947 19888 AcpiPmi - ok
14:54:17.0056 19888 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:54:17.0072 19888 AdobeFlashPlayerUpdateSvc - ok
14:54:17.0181 19888 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:54:17.0197 19888 adp94xx - ok
14:54:17.0243 19888 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:54:17.0243 19888 adpahci - ok
14:54:17.0243 19888 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:54:17.0259 19888 adpu320 - ok
14:54:17.0290 19888 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:54:17.0290 19888 AeLookupSvc - ok
14:54:17.0384 19888 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:54:17.0446 19888 AFD - ok
14:54:17.0540 19888 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:54:17.0571 19888 agp440 - ok
14:54:17.0587 19888 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
14:54:17.0587 19888 ALG - ok
14:54:17.0618 19888 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:54:17.0618 19888 aliide - ok
14:54:17.0665 19888 [ e57b43acd7e14f59cc8b733fe589854c ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:54:17.0665 19888 AMD External Events Utility - ok
14:54:17.0680 19888 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
14:54:17.0680 19888 amdide - ok
14:54:17.0696 19888 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:54:17.0696 19888 AmdK8 - ok
14:54:17.0914 19888 [ f99dfeb934c18fcf96cd589e6681629c ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:54:18.0117 19888 amdkmdag - ok
14:54:18.0148 19888 [ 2d964e526cd067d5aafd46bfd19b3749 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:54:18.0164 19888 amdkmdap - ok
14:54:18.0179 19888 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:54:18.0179 19888 AmdPPM - ok
14:54:18.0211 19888 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:54:18.0211 19888 amdsata - ok
14:54:18.0257 19888 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:54:18.0257 19888 amdsbs - ok
14:54:18.0273 19888 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:54:18.0289 19888 amdxata - ok
14:54:18.0304 19888 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
14:54:18.0304 19888 AppID - ok
14:54:18.0335 19888 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:54:18.0335 19888 AppIDSvc - ok
14:54:18.0335 19888 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:54:18.0351 19888 Appinfo - ok
14:54:18.0445 19888 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:54:18.0460 19888 Apple Mobile Device - ok
14:54:18.0523 19888 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys
14:54:18.0569 19888 arc - ok
14:54:18.0601 19888 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:54:18.0601 19888 arcsas - ok
14:54:18.0725 19888 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:54:18.0803 19888 aspnet_state - ok
14:54:18.0819 19888 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:54:18.0835 19888 AsyncMac - ok
14:54:18.0850 19888 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
14:54:18.0850 19888 atapi - ok
14:54:18.0944 19888 [ cc406da84e7dd3fa3ad20340dbc66cf2 ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:54:19.0053 19888 athr - ok
14:54:19.0147 19888 [ 4bf5bca6e2608cd8a00bc4a6673a9f47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:54:19.0162 19888 AtiHDAudioService - ok
14:54:19.0225 19888 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:54:19.0240 19888 AudioEndpointBuilder - ok
14:54:19.0256 19888 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:54:19.0256 19888 AudioSrv - ok
14:54:19.0303 19888 [ 96b4456f1dca4eda506ed31c7d2d6b05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
14:54:19.0334 19888 Avgfwfd - ok
14:54:19.0474 19888 [ bd5d11cedbcde4fa97d2387e7069b1ff ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
14:54:19.0521 19888 avgfws - ok
14:54:19.0677 19888 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:54:19.0771 19888 AVGIDSAgent - ok
14:54:19.0833 19888 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:54:19.0864 19888 AVGIDSDriver - ok
14:54:19.0895 19888 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:54:19.0895 19888 AVGIDSFilter - ok
14:54:19.0895 19888 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
14:54:19.0911 19888 AVGIDSHA - ok
14:54:19.0942 19888 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
14:54:19.0942 19888 Avgldx64 - ok
14:54:19.0989 19888 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
14:54:19.0989 19888 Avgmfx64 - ok
14:54:20.0020 19888 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
14:54:20.0036 19888 Avgrkx64 - ok
14:54:20.0083 19888 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
14:54:20.0098 19888 Avgtdia - ok
14:54:20.0129 19888 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:54:20.0145 19888 avgwd - ok
14:54:31.0018 19888 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
14:54:31.0018 19888 SamSs - ok
14:54:31.0034 19888 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:54:31.0034 19888 sbp2port - ok
14:54:31.0065 19888 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:54:31.0065 19888 SCardSvr - ok
14:54:31.0096 19888 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:54:31.0096 19888 scfilter - ok
14:54:31.0127 19888 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
14:54:31.0174 19888 Schedule - ok
14:54:31.0190 19888 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
14:54:31.0190 19888 SCPolicySvc - ok
14:54:31.0205 19888 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:54:31.0205 19888 SDRSVC - ok
14:54:31.0283 19888 [ cc781378e7eda615d2cdca3b17829fa4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:54:31.0283 19888 SeaPort - ok
14:54:31.0330 19888 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:54:31.0330 19888 secdrv - ok
14:54:31.0361 19888 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
14:54:31.0361 19888 seclogon - ok
14:54:31.0393 19888 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
14:54:31.0393 19888 SENS - ok
14:54:31.0408 19888 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:54:31.0408 19888 SensrSvc - ok
14:54:31.0424 19888 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
14:54:31.0424 19888 Serenum - ok
14:54:31.0439 19888 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
14:54:31.0439 19888 Serial - ok
14:54:31.0455 19888 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:54:31.0455 19888 sermouse - ok
14:54:31.0471 19888 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:54:31.0486 19888 SessionEnv - ok
14:54:31.0486 19888 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:54:31.0486 19888 sffdisk - ok
14:54:31.0502 19888 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:54:31.0502 19888 sffp_mmc - ok
14:54:31.0502 19888 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:54:31.0502 19888 sffp_sd - ok
14:54:31.0502 19888 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:54:31.0517 19888 sfloppy - ok
14:54:31.0580 19888 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
14:54:31.0611 19888 Sftfs - ok
14:54:32.0032 19888 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:54:32.0063 19888 sftlist - ok
14:54:32.0266 19888 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:54:32.0329 19888 Sftplay - ok
14:54:32.0687 19888 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:54:32.0719 19888 Sftredir - ok
14:54:32.0750 19888 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
14:54:32.0750 19888 Sftvol - ok
14:54:32.0890 19888 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:54:32.0890 19888 sftvsa - ok
14:54:32.0953 19888 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:54:32.0953 19888 SharedAccess - ok
14:54:32.0984 19888 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:54:32.0999 19888 ShellHWDetection - ok
14:54:33.0031 19888 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:54:33.0031 19888 SiSRaid2 - ok
14:54:33.0031 19888 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:54:33.0046 19888 SiSRaid4 - ok
14:54:33.0062 19888 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:54:33.0062 19888 Smb - ok
14:54:33.0093 19888 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:54:33.0093 19888 SNMPTRAP - ok
14:54:33.0109 19888 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:54:33.0109 19888 spldr - ok
14:54:33.0140 19888 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
14:54:33.0155 19888 Spooler - ok
14:54:33.0218 19888 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
14:54:33.0311 19888 sppsvc - ok
14:54:33.0327 19888 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:54:33.0343 19888 sppuinotify - ok
14:54:33.0436 19888 [ 90ef30c3867bcde4579c01a6d6e75a7a ] SRTSP C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
14:54:33.0467 19888 SRTSP - ok
14:54:33.0483 19888 [ c513e8a5e7978da49077f5484344ee1b ] SRTSPX C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
14:54:33.0499 19888 SRTSPX - ok
14:54:33.0530 19888 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
14:54:33.0530 19888 srv - ok
14:54:33.0561 19888 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:54:33.0577 19888 srv2 - ok
14:54:33.0608 19888 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:54:33.0608 19888 srvnet - ok
14:54:33.0670 19888 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:54:33.0670 19888 SSDPSRV - ok
14:54:33.0670 19888 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:54:33.0686 19888 SstpSvc - ok
14:54:33.0717 19888 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:54:33.0717 19888 stexstor - ok
14:54:33.0764 19888 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
14:54:33.0795 19888 stisvc - ok
14:54:33.0842 19888 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:54:33.0842 19888 swenum - ok
14:54:33.0857 19888 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
14:54:33.0873 19888 swprv - ok
14:54:33.0889 19888 [ 6160145c7a87fc7672e8e3b886888176 ] SymDS C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
14:54:33.0904 19888 SymDS - ok
14:54:33.0935 19888 [ 96aeed40d4d3521568b42027687e69e0 ] SymEFA C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
14:54:33.0951 19888 SymEFA - ok
14:54:33.0998 19888 [ 21a1c2d694c3cf962d31f5e873ab3d6f ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:54:33.0998 19888 SymEvent - ok
14:54:34.0029 19888 [ bd0d711d8cbfcaa19ca123306eaf53a5 ] SymIRON C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
14:54:34.0045 19888 SymIRON - ok
14:54:34.0060 19888 [ a6adb3d83023f8daa0f7b6fda785d83b ] SymNetS C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
14:54:34.0060 19888 SymNetS - ok
14:54:34.0123 19888 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
14:54:34.0154 19888 SysMain - ok
14:54:34.0169 19888 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:54:34.0169 19888 TabletInputService - ok
14:54:34.0169 19888 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:54:34.0185 19888 TapiSrv - ok
14:54:34.0201 19888 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
14:54:34.0201 19888 TBS - ok
14:54:34.0263 19888 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:54:34.0325 19888 Tcpip - ok
14:54:34.0372 19888 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:54:34.0388 19888 TCPIP6 - ok
14:54:34.0419 19888 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:54:34.0419 19888 tcpipreg - ok
14:54:34.0435 19888 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:54:34.0450 19888 TDPIPE - ok
14:54:34.0466 19888 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:54:34.0466 19888 TDTCP - ok
14:54:34.0513 19888 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:54:34.0513 19888 tdx - ok
14:54:34.0513 19888 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:54:34.0528 19888 TermDD - ok
14:54:34.0559 19888 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
14:54:34.0575 19888 TermService - ok
14:54:34.0575 19888 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
14:54:34.0575 19888 Themes - ok
14:54:34.0591 19888 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
14:54:34.0606 19888 THREADORDER - ok
14:54:34.0606 19888 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
14:54:34.0622 19888 TrkWks - ok
14:54:34.0669 19888 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:54:34.0669 19888 TrustedInstaller - ok
14:54:34.0700 19888 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:34.0700 19888 tssecsrv - ok
14:54:34.0747 19888 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:54:34.0747 19888 TsUsbFlt - ok
14:54:34.0762 19888 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:54:34.0778 19888 TsUsbGD - ok
14:54:34.0871 19888 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:54:34.0871 19888 tunnel - ok
14:54:34.0887 19888 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:54:34.0887 19888 uagp35 - ok
14:54:34.0903 19888 [ 2e22c1fd397a5a9ffef55e9d1fc96c00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
14:54:34.0903 19888 UBHelper - ok
14:54:34.0934 19888 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:54:34.0934 19888 udfs - ok
14:54:34.0965 19888 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:54:34.0965 19888 UI0Detect - ok
14:54:34.0996 19888 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:54:35.0012 19888 uliagpkx - ok
14:54:35.0012 19888 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:54:35.0012 19888 umbus - ok
14:54:35.0012 19888 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys
14:54:35.0027 19888 UmPass - ok
14:54:35.0059 19888 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
14:54:35.0059 19888 upnphost - ok
14:54:35.0090 19888 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:54:35.0105 19888 USBAAPL64 - ok
14:54:35.0137 19888 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:35.0137 19888 usbccgp - ok
14:54:35.0137 19888 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:54:35.0137 19888 usbcir - ok
14:54:35.0152 19888 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:54:35.0152 19888 usbehci - ok
14:54:35.0199 19888 [ 573d192e268f0c5b486b7e96f661e538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:54:35.0199 19888 usbfilter - ok
14:54:35.0215 19888 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:54:35.0215 19888 usbhub - ok
14:54:35.0246 19888 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:54:35.0277 19888 usbohci - ok
14:54:35.0293 19888 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:54:35.0308 19888 usbprint - ok
14:54:35.0324 19888 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:54:35.0339 19888 USBSTOR - ok
14:54:35.0355 19888 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:54:35.0355 19888 usbuhci - ok
14:54:35.0386 19888 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:54:35.0386 19888 usbvideo - ok
14:54:35.0417 19888 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
14:54:35.0417 19888 UxSms - ok
14:54:35.0433 19888 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
14:54:35.0433 19888 VaultSvc - ok
14:54:35.0433 19888 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:54:35.0449 19888 vdrvroot - ok
14:54:35.0464 19888 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
14:54:35.0480 19888 vds - ok
14:54:35.0495 19888 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:54:35.0495 19888 vga - ok
14:54:35.0511 19888 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
14:54:35.0511 19888 VgaSave - ok
14:54:35.0511 19888 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:54:35.0527 19888 vhdmp - ok
14:54:35.0542 19888 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:54:35.0542 19888 viaide - ok
14:54:35.0558 19888 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:54:35.0558 19888 volmgr - ok
14:54:35.0558 19888 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:54:35.0573 19888 volmgrx - ok
14:54:35.0573 19888 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:54:35.0589 19888 volsnap - ok
14:54:35.0620 19888 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:54:35.0620 19888 vsmraid - ok
14:54:35.0667 19888 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
14:54:35.0729 19888 VSS - ok
14:54:35.0745 19888 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:54:35.0745 19888 vwifibus - ok
14:54:35.0761 19888 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:54:35.0761 19888 vwififlt - ok
14:54:35.0776 19888 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
14:54:35.0776 19888 W32Time - ok
14:54:35.0792 19888 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:54:35.0792 19888 WacomPen - ok
14:54:35.0807 19888 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:54:35.0807 19888 WANARP - ok
14:54:35.0807 19888 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:54:35.0807 19888 Wanarpv6 - ok
14:54:35.0885 19888 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:54:35.0932 19888 WatAdminSvc - ok
14:54:35.0995 19888 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
14:54:36.0041 19888 wbengine - ok
14:54:36.0041 19888 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:54:36.0041 19888 WbioSrvc - ok
14:54:36.0057 19888 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:54:36.0057 19888 wcncsvc - ok
14:54:36.0073 19888 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:54:36.0073 19888 WcsPlugInService - ok
14:54:36.0104 19888 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys
14:54:36.0104 19888 Wd - ok
14:54:36.0119 19888 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:54:36.0135 19888 Wdf01000 - ok
14:54:36.0135 19888 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:54:36.0151 19888 WdiServiceHost - ok
14:54:36.0151 19888 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:54:36.0151 19888 WdiSystemHost - ok
14:54:36.0166 19888 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:54:36.0166 19888 WebClient - ok
14:54:36.0182 19888 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:54:36.0197 19888 Wecsvc - ok
14:54:36.0197 19888 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:54:36.0197 19888 wercplsupport - ok
14:54:36.0213 19888 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:54:36.0229 19888 WerSvc - ok
14:54:36.0229 19888 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:54:36.0229 19888 WfpLwf - ok
14:54:36.0244 19888 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:54:36.0244 19888 WIMMount - ok
14:54:36.0291 19888 WinDefend - ok
14:54:36.0307 19888 WinHttpAutoProxySvc - ok
14:54:36.0353 19888 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:54:36.0369 19888 Winmgmt - ok
14:54:36.0416 19888 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
14:54:36.0463 19888 WinRM - ok
14:54:36.0541 19888 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:54:36.0541 19888 WinUsb - ok
14:54:36.0587 19888 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
14:54:36.0603 19888 Wlansvc - ok
14:54:36.0681 19888 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:54:36.0681 19888 wlcrasvc - ok
14:54:36.0759 19888 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:54:36.0790 19888 wlidsvc - ok
14:54:36.0821 19888 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:54:36.0821 19888 WmiAcpi - ok
14:54:36.0853 19888 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:54:36.0868 19888 wmiApSrv - ok
14:54:36.0899 19888 WMPNetworkSvc - ok
14:54:36.0931 19888 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:54:36.0931 19888 WPCSvc - ok
14:54:36.0946 19888 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:54:36.0946 19888 WPDBusEnum - ok
14:54:36.0977 19888 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:54:36.0977 19888 ws2ifsl - ok
14:54:36.0993 19888 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
14:54:36.0993 19888 wscsvc - ok
14:54:36.0993 19888 WSearch - ok
14:54:37.0087 19888 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:54:37.0149 19888 wuauserv - ok
14:54:37.0165 19888 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:54:37.0180 19888 WudfPf - ok
14:54:37.0211 19888 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:54:37.0211 19888 WUDFRd - ok
14:54:37.0243 19888 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:54:37.0243 19888 wudfsvc - ok
14:54:37.0243 19888 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
14:54:37.0258 19888 WwanSvc - ok
14:54:37.0274 19888 ================ Scan global ===============================
14:54:37.0321 19888 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
14:54:37.0352 19888 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:54:37.0367 19888 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:54:37.0383 19888 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
14:54:37.0430 19888 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
14:54:37.0430 19888 [Global] - ok
14:54:37.0430 19888 ================ Scan MBR ==================================
14:54:37.0445 19888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:54:38.0147 19888 \Device\Harddisk0\DR0 - ok
14:54:38.0147 19888 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
14:54:38.0163 19888 \Device\Harddisk1\DR2 - ok
14:54:38.0163 19888 ================ Scan VBR ==================================
14:54:38.0179 19888 Boot (0x1200) (9682fe85ee6b5b6e002cd05d69fa50b8) \Device\Harddisk0\DR0\Partition1
14:54:38.0179 19888 \Device\Harddisk0\DR0\Partition1 - ok
14:54:38.0194 19888 Boot (0x1200) (bec7251efc8121aebe0438b52f8c0e90) \Device\Harddisk0\DR0\Partition2
14:54:38.0194 19888 \Device\Harddisk0\DR0\Partition2 - ok
14:54:38.0194 19888 Boot (0x1200) (c77d34e89ed0f45c4b4c95aecb6bb5cb) \Device\Harddisk1\DR2\Partition1
14:54:38.0210 19888 \Device\Harddisk1\DR2\Partition1 - ok
14:54:38.0210 19888 ============================================================
14:54:38.0210 19888 Scan finished
14:54:38.0210 19888 ============================================================
14:54:38.0225 19432 Detected object count: 0
14:54:38.0225 19432 Actual detected object count: 0
14:53:57.0695 1376 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:53:58.0765 1376 ============================================================
14:53:58.0765 1376 Current date / time: 2012/08/19 14:53:58.0765
14:53:58.0765 1376 SystemInfo:
14:53:58.0765 1376
14:53:58.0765 1376 OS Version: 6.1.7601 ServicePack: 1.0
14:53:58.0765 1376 Product type: Workstation
14:53:58.0765 1376 ComputerName: BERTRAND-PC
14:53:58.0765 1376 UserName: Bertrand
14:53:58.0765 1376 Windows directory: C:\Windows
14:53:58.0765 1376 System windows directory: C:\Windows
14:53:58.0765 1376 Running under WOW64
14:53:58.0765 1376 Processor architecture: Intel x64
14:53:58.0765 1376 Number of processors: 4
14:53:58.0765 1376 Page size: 0x1000
14:53:58.0765 1376 Boot type: Normal boot
14:53:58.0775 1376 ============================================================
14:54:00.0333 1376 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:54:00.0349 1376 Drive \Device\Harddisk1\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:54:00.0380 1376 ============================================================
14:54:00.0380 1376 \Device\Harddisk0\DR0:
14:54:00.0380 1376 MBR partitions:
14:54:00.0380 1376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
14:54:00.0380 1376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x48825000
14:54:00.0380 1376 \Device\Harddisk1\DR2:
14:54:00.0380 1376 MBR partitions:
14:54:00.0380 1376 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
14:54:00.0380 1376 ============================================================
14:54:00.0427 1376 C: <-> \Device\Harddisk0\DR0\Partition2
14:54:00.0427 1376 ============================================================
14:54:00.0427 1376 Initialize success
14:54:00.0427 1376 ============================================================
14:54:15.0699 19888 ============================================================
14:54:15.0699 19888 Scan started
14:54:15.0699 19888 Mode: Manual;
14:54:15.0699 19888 ============================================================
14:54:16.0635 19888 ================ Scan services =============================
14:54:20.0956 19888 BrFiltUp - ok
14:54:20.0972 19888 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:54:20.0972 19888 BridgeMP - ok
14:54:21.0019 19888 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
14:54:21.0019 19888 Browser - ok
14:54:21.0034 19888 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:54:21.0034 19888 Brserid - ok
14:54:21.0034 19888 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:54:21.0050 19888 BrSerWdm - ok
14:54:21.0050 19888 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:54:21.0050 19888 BrUsbMdm - ok
14:54:21.0050 19888 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:54:21.0065 19888 BrUsbSer - ok
14:54:21.0065 19888 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:54:21.0065 19888 BTHMODEM - ok
14:54:21.0081 19888 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
14:54:21.0081 19888 bthserv - ok
14:54:21.0128 19888 catchme - ok
14:54:21.0159 19888 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:54:21.0159 19888 cdfs - ok
14:54:21.0190 19888 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:54:21.0190 19888 cdrom - ok
14:54:21.0237 19888 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
14:54:21.0237 19888 CertPropSvc - ok
14:54:21.0237 19888 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys
14:54:21.0237 19888 circlass - ok
14:54:21.0268 19888 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
14:54:21.0268 19888 CLFS - ok
14:54:21.0331 19888 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:54:21.0346 19888 clr_optimization_v2.0.50727_32 - ok
14:54:21.0393 19888 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:54:21.0393 19888 clr_optimization_v2.0.50727_64 - ok
14:54:21.0455 19888 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:54:21.0502 19888 clr_optimization_v4.0.30319_32 - ok
14:54:21.0533 19888 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:54:21.0533 19888 clr_optimization_v4.0.30319_64 - ok
14:54:21.0549 19888 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:54:21.0549 19888 CmBatt - ok
14:54:21.0580 19888 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:54:21.0580 19888 cmdide - ok
14:54:21.0627 19888 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
14:54:21.0643 19888 CNG - ok
14:54:21.0658 19888 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:54:21.0674 19888 Compbatt - ok
14:54:21.0674 19888 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:54:21.0674 19888 CompositeBus - ok
14:54:21.0689 19888 COMSysApp - ok
14:54:21.0705 19888 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:54:21.0705 19888 crcdisk - ok
14:54:21.0752 19888 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:54:21.0752 19888 CryptSvc - ok
14:54:21.0892 19888 [ 72794d112cbaff3bc0c29bf7350d4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:54:21.0923 19888 cvhsvc - ok
14:54:21.0970 19888 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:54:22.0001 19888 DcomLaunch - ok
14:54:22.0033 19888 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
14:54:22.0033 19888 defragsvc - ok
14:54:22.0064 19888 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:54:22.0064 19888 DfsC - ok
14:54:22.0111 19888 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
14:54:22.0111 19888 Dhcp - ok
14:54:22.0142 19888 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
14:54:22.0142 19888 discache - ok
14:54:22.0173 19888 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
14:54:22.0173 19888 Disk - ok
14:54:22.0220 19888 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:54:22.0220 19888 Dnscache - ok
14:54:22.0235 19888 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:54:22.0251 19888 dot3svc - ok
14:54:22.0251 19888 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
14:54:22.0251 19888 DPS - ok
14:54:22.0282 19888 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:54:22.0298 19888 drmkaud - ok
14:54:22.0360 19888 [ 32c2cd16dc801aef9edaafea0dbd769e ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:54:22.0391 19888 DsiWMIService - ok
14:54:22.0454 19888 [ 400582b09e0bb557d0ec28a945150eeb ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:54:22.0485 19888 dtsoftbus01 - ok
14:54:22.0547 19888 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:54:22.0563 19888 DXGKrnl - ok
14:54:22.0610 19888 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:54:22.0625 19888 EapHost - ok
14:54:22.0719 19888 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
14:54:22.0781 19888 ebdrv - ok
14:54:22.0844 19888 [ 0c3f9eff8ddd9f9eb56d754b4620155f ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:54:22.0859 19888 eeCtrl - ok
14:54:22.0891 19888 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
14:54:22.0922 19888 EFS - ok
14:54:23.0015 19888 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:54:23.0062 19888 ehRecvr - ok
14:54:23.0093 19888 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
14:54:23.0109 19888 ehSched - ok
14:54:23.0171 19888 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:54:23.0171 19888 elxstor - ok
14:54:23.0265 19888 [ eb1c213a8550f066b2ccc29c9f41e2ae ] ePowerSvc C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
14:54:23.0296 19888 ePowerSvc - ok
14:54:23.0359 19888 [ 8c0f9b877bc0b7ffd327ef55f9efb642 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:54:23.0405 19888 EraserUtilRebootDrv - ok
14:54:23.0405 19888 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:54:23.0421 19888 ErrDev - ok
14:54:23.0483 19888 [ dbaa0c650c9549dc5c599d1e81dedaad ] ETD C:\Windows\system32\DRIVERS\ETD.sys
14:54:23.0499 19888 ETD - ok
14:54:23.0546 19888 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
14:54:23.0546 19888 EventSystem - ok
14:54:23.0577 19888 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
14:54:23.0577 19888 exfat - ok
14:54:23.0593 19888 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:54:23.0608 19888 fastfat - ok
14:54:23.0639 19888 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
14:54:23.0655 19888 Fax - ok
14:54:23.0671 19888 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
14:54:23.0671 19888 fdc - ok
14:54:23.0702 19888 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:54:23.0702 19888 fdPHost - ok
14:54:23.0702 19888 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:54:23.0702 19888 FDResPub - ok
14:54:23.0733 19888 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:54:23.0733 19888 FileInfo - ok
14:54:23.0749 19888 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:54:23.0749 19888 Filetrace - ok
14:54:23.0811 19888 [ bb0667b0171b632b97ea759515476f07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:54:23.0827 19888 FLEXnet Licensing Service - ok
14:54:23.0827 19888 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:54:23.0827 19888 flpydisk - ok
14:54:23.0858 19888 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:54:23.0858 19888 FltMgr - ok
14:54:23.0889 19888 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
14:54:23.0920 19888 FontCache - ok
14:54:23.0983 19888 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:54:23.0983 19888 FontCache3.0.0.0 - ok
14:54:23.0998 19888 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:54:23.0998 19888 FsDepends - ok
14:54:24.0045 19888 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:54:24.0061 19888 Fs_Rec - ok
14:54:24.0092 19888 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:54:24.0092 19888 fvevol - ok
14:54:24.0107 19888 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:54:24.0107 19888 gagp30kx - ok
14:54:24.0201 19888 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:54:24.0232 19888 GamesAppService - ok
14:54:24.0263 19888 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:54:24.0295 19888 GEARAspiWDM - ok
14:54:24.0357 19888 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
14:54:24.0388 19888 gpsvc - ok
14:54:24.0451 19888 [ 0191dee9b9eb7902af2cf4f67301095d ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
14:54:24.0482 19888 GREGService - ok
14:54:24.0513 19888 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:54:24.0529 19888 hcw85cir - ok
14:54:24.0544 19888 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:54:24.0544 19888 HdAudAddService - ok
14:54:24.0591 19888 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:54:24.0591 19888 HDAudBus - ok
14:54:24.0591 19888 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:54:24.0591 19888 HidBatt - ok
14:54:24.0607 19888 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:54:24.0622 19888 HidBth - ok
14:54:24.0622 19888 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:54:24.0638 19888 HidIr - ok
14:54:24.0638 19888 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
14:54:24.0638 19888 hidserv - ok
14:54:24.0653 19888 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
14:54:24.0653 19888 HidUsb - ok
14:54:24.0653 19888 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:54:24.0669 19888 hkmsvc - ok
14:54:24.0669 19888 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:54:24.0669 19888 HomeGroupListener - ok
14:54:24.0700 19888 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:54:24.0731 19888 HomeGroupProvider - ok
14:54:24.0763 19888 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:54:24.0763 19888 HpSAMD - ok
14:54:24.0809 19888 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:54:24.0809 19888 HTTP - ok
14:54:24.0825 19888 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:54:24.0825 19888 hwpolicy - ok
14:54:24.0841 19888 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:54:24.0841 19888 i8042prt - ok
14:54:24.0887 19888 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:54:24.0903 19888 iaStorV - ok
14:54:24.0965 19888 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:54:24.0997 19888 idsvc - ok
14:54:25.0075 19888 [ 18c40c3f368323b203ace403cb430db1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120420.001\IDSvia64.sys
14:54:25.0090 19888 IDSVia64 - ok
14:54:25.0137 19888 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:54:25.0137 19888 iirsp - ok
14:54:25.0199 19888 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
14:54:25.0231 19888 IKEEXT - ok
14:54:25.0355 19888 [ 7d24e44761ee029680bd8da23fab8fb4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:54:25.0433 19888 IntcAzAudAddService - ok
14:54:25.0449 19888 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
14:54:25.0449 19888 intelide - ok
14:54:25.0465 19888 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:54:25.0465 19888 intelppm - ok
14:54:25.0558 19888 [ 1663a135865f0ba6e853353e98e67f2a ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
14:54:25.0574 19888 IntuitUpdateServiceV4 - ok
14:54:25.0605 19888 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:54:25.0605 19888 IPBusEnum - ok
14:54:25.0605 19888 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:54:25.0621 19888 IpFilterDriver - ok
14:54:25.0652 19888 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:54:25.0652 19888 iphlpsvc - ok
14:54:25.0652 19888 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:54:25.0667 19888 IPMIDRV - ok
14:54:25.0683 19888 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:54:25.0683 19888 IPNAT - ok
14:54:25.0730 19888 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:54:25.0745 19888 iPod Service - ok
14:54:25.0777 19888 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:54:25.0777 19888 IRENUM - ok
14:54:25.0777 19888 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:54:25.0777 19888 isapnp - ok
14:54:25.0808 19888 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:54:25.0808 19888 iScsiPrt - ok
14:54:25.0823 19888 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:54:25.0823 19888 kbdclass - ok
14:54:25.0839 19888 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:54:25.0839 19888 kbdhid - ok
14:54:25.0855 19888 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
14:54:25.0855 19888 KeyIso - ok
14:54:25.0901 19888 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:54:25.0901 19888 KSecDD - ok
14:54:25.0933 19888 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:54:25.0933 19888 KSecPkg - ok
14:54:25.0933 19888 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:54:25.0948 19888 ksthunk - ok
14:54:25.0979 19888 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
14:54:25.0979 19888 KtmRm - ok
14:54:26.0011 19888 [ 6dd5383c9413aae3113faf89e345663d ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
14:54:26.0042 19888 L1C - ok
14:54:26.0089 19888 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:54:26.0104 19888 LanmanServer - ok
14:54:26.0135 19888 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:54:26.0135 19888 LanmanWorkstation - ok
14:54:26.0198 19888 [ 6bcee9c766815bfff89de7d81af34ce1 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
14:54:26.0213 19888 Live Updater Service - ok
14:54:26.0229 19888 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:54:26.0245 19888 lltdio - ok
14:54:26.0291 19888 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:54:26.0307 19888 lltdsvc - ok
14:54:26.0323 19888 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:54:26.0323 19888 lmhosts - ok
14:54:26.0369 19888 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:54:26.0369 19888 LSI_FC - ok
14:54:26.0369 19888 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:54:26.0369 19888 LSI_SAS - ok
14:54:26.0385 19888 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:54:26.0385 19888 LSI_SAS2 - ok
14:54:26.0385 19888 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:54:26.0401 19888 LSI_SCSI - ok
14:54:26.0401 19888 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
14:54:26.0401 19888 luafv - ok
14:54:26.0432 19888 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:54:26.0432 19888 Mcx2Svc - ok
14:54:26.0447 19888 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
14:54:26.0447 19888 megasas - ok
14:54:26.0447 19888 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:54:26.0463 19888 MegaSR - ok
14:54:26.0479 19888 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
14:54:26.0479 19888 MMCSS - ok
14:54:26.0494 19888 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:54:26.0494 19888 Modem - ok
14:54:26.0525 19888 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:54:26.0525 19888 monitor - ok
14:54:26.0541 19888 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
14:54:26.0557 19888 mouclass - ok
14:54:26.0572 19888 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
14:54:26.0572 19888 mouhid - ok
14:54:26.0588 19888 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:54:26.0588 19888 mountmgr - ok
14:54:26.0650 19888 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:54:26.0666 19888 MozillaMaintenance - ok
14:54:26.0681 19888 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:54:26.0681 19888 mpio - ok
14:54:26.0681 19888 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:54:26.0697 19888 mpsdrv - ok
14:54:26.0697 19888 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:54:26.0697 19888 MRxDAV - ok
14:54:26.0728 19888 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:54:26.0744 19888 mrxsmb - ok
14:54:26.0759 19888 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:54:26.0759 19888 mrxsmb10 - ok
14:54:26.0791 19888 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:54:26.0791 19888 mrxsmb20 - ok
14:54:26.0806 19888 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:54:26.0806 19888 msahci - ok
14:54:26.0822 19888 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:54:26.0837 19888 msdsm - ok
14:54:26.0853 19888 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
14:54:26.0869 19888 MSDTC - ok
14:54:26.0900 19888 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:54:26.0900 19888 Msfs - ok
14:54:26.0915 19888 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:54:26.0915 19888 mshidkmdf - ok
14:54:26.0931 19888 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:54:26.0931 19888 msisadrv - ok
14:54:26.0978 19888 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:54:26.0978 19888 MSiSCSI - ok
14:54:26.0978 19888 msiserver - ok
14:54:26.0993 19888 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:54:26.0993 19888 MSKSSRV - ok
14:54:27.0009 19888 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:54:27.0009 19888 MSPCLOCK - ok
14:54:27.0025 19888 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:54:27.0025 19888 MSPQM - ok
14:54:27.0040 19888 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:54:27.0040 19888 MsRPC - ok
14:54:27.0071 19888 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:54:27.0071 19888 mssmbios - ok
14:54:27.0087 19888 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:54:27.0087 19888 MSTEE - ok
14:54:27.0118 19888 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:54:27.0118 19888 MTConfig - ok
14:54:27.0118 19888 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:54:27.0118 19888 Mup - ok
14:54:27.0149 19888 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
14:54:27.0165 19888 napagent - ok
14:54:27.0212 19888 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:54:27.0212 19888 NativeWifiP - ok
14:54:27.0290 19888 [ 9d1cce440552500ded3a62f9d779cdb4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
14:54:27.0305 19888 NAUpdate - ok
14:54:27.0399 19888 [ 2dbe90210de76be6e1653bb20ec70ec2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120420.032\ENG64.SYS
14:54:27.0415 19888 NAVENG - ok
14:54:27.0493 19888 [ 346da70e203b8e2c850277713de8f71b ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120420.032\EX64.SYS
14:54:27.0555 19888 NAVEX15 - ok
14:54:27.0586 19888 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:54:27.0602 19888 NDIS - ok
14:54:27.0633 19888 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:54:27.0633 19888 NdisCap - ok
14:54:27.0664 19888 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:54:27.0664 19888 NdisTapi - ok
14:54:27.0680 19888 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:54:27.0680 19888 Ndisuio - ok
14:54:27.0680 19888 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:54:27.0695 19888 NdisWan - ok
14:54:27.0695 19888 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:54:27.0695 19888 NDProxy - ok
14:54:27.0695 19888 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:54:27.0711 19888 NetBIOS - ok
14:54:27.0711 19888 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:54:27.0711 19888 NetBT - ok
14:54:27.0727 19888 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
14:54:27.0727 19888 Netlogon - ok
14:54:27.0773 19888 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
14:54:27.0773 19888 Netman - ok
14:54:27.0820 19888 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:54:27.0820 19888 NetMsmqActivator - ok
14:54:27.0820 19888 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:54:27.0836 19888 NetPipeActivator - ok
14:54:27.0851 19888 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
14:54:27.0867 19888 netprofm - ok
14:54:27.0883 19888 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:54:27.0883 19888 NetTcpActivator - ok
14:54:27.0883 19888 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:54:27.0883 19888 NetTcpPortSharing - ok
14:54:27.0914 19888 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:54:27.0914 19888 nfrd960 - ok
14:54:28.0039 19888 [ e78a365cc3e0fbfc018a33dce01909f8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
14:54:28.0039 19888 NIS - ok
14:54:28.0085 19888 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:54:28.0085 19888 NlaSvc - ok
14:54:28.0179 19888 [ 5839a8027d6d324a7cd494051a96628c ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
14:54:28.0226 19888 NOBU - ok
14:54:28.0257 19888 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:54:28.0273 19888 Npfs - ok
14:54:28.0273 19888 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:54:28.0273 19888 nsi - ok
14:54:28.0288 19888 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:54:28.0288 19888 nsiproxy - ok
14:54:28.0351 19888 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:54:28.0429 19888 Ntfs - ok
14:54:28.0538 19888 [ 6cc09d2f0ba4a09babc3c41b8fd888f7 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
14:54:28.0616 19888 NTI IScheduleSvc - ok
14:54:28.0663 19888 [ 64ddd0dee976302f4bd93e5efcc2f013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
14:54:28.0663 19888 NTIDrvr - ok
14:54:28.0694 19888 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
14:54:28.0694 19888 Null - ok
14:54:28.0725 19888 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:54:28.0741 19888 nvraid - ok
14:54:28.0756 19888 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:54:28.0772 19888 nvstor - ok
14:54:28.0787 19888 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:54:28.0803 19888 nv_agp - ok
14:54:28.0803 19888 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:54:28.0803 19888 ohci1394 - ok
14:54:28.0881 19888 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:54:28.0881 19888 ose - ok
14:54:29.0021 19888 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:54:29.0131 19888 osppsvc - ok
14:54:29.0162 19888 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:54:29.0162 19888 p2pimsvc - ok
14:54:29.0209 19888 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:54:29.0209 19888 p2psvc - ok
14:54:29.0240 19888 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:54:29.0240 19888 Parport - ok
14:54:37.0274 19888 ================ Scan global ===============================
14:54:37.0321 19888 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
14:54:37.0352 19888 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:54:37.0367 19888 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:54:37.0383 19888 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
14:54:37.0430 19888 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
14:54:37.0430 19888 [Global] - ok
14:54:37.0430 19888 ================ Scan MBR ==================================
14:54:37.0445 19888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:54:38.0147 19888 \Device\Harddisk0\DR0 - ok
14:54:38.0147 19888 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
14:54:38.0163 19888 \Device\Harddisk1\DR2 - ok
14:54:38.0163 19888 ================ Scan VBR ==================================
14:54:38.0179 19888 Boot (0x1200) (9682fe85ee6b5b6e002cd05d69fa50b8) \Device\Harddisk0\DR0\Partition1
14:54:38.0179 19888 \Device\Harddisk0\DR0\Partition1 - ok
14:54:38.0194 19888 Boot (0x1200) (bec7251efc8121aebe0438b52f8c0e90) \Device\Harddisk0\DR0\Partition2
14:54:38.0194 19888 \Device\Harddisk0\DR0\Partition2 - ok
14:54:38.0194 19888 Boot (0x1200) (c77d34e89ed0f45c4b4c95aecb6bb5cb) \Device\Harddisk1\DR2\Partition1
14:54:38.0210 19888 \Device\Harddisk1\DR2\Partition1 - ok
14:54:38.0210 19888 ============================================================
14:54:38.0210 19888 Scan finished
14:54:38.0210 19888 ============================================================
14:54:38.0225 19432 Detected object count: 0
14:54:38.0225 19432 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 14:58:42
-----------------------------
14:58:42.659 OS Version: Windows x64 6.1.7601 Service Pack 1
14:58:42.659 Number of processors: 4 586 0x100
14:58:42.659 ComputerName: BERTRAND-PC UserName: Bertrand
14:58:45.499 Initialize success
14:59:30.267 AVAST engine download error: 0
14:59:53.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:59:53.885 Disk 0 Vendor: WDC_WD6400BPVT-22HXZT1 01.01A01 Size: 610480MB BusType: 11
14:59:53.916 Disk 0 MBR read successfully
14:59:53.916 Disk 0 MBR scan
14:59:53.932 Disk 0 Windows 7 default MBR code
14:59:53.932 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
14:59:53.963 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
14:59:53.979 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593994 MB offset 33761280
14:59:54.010 Disk 0 scanning C:\Windows\system32\drivers
14:59:59.283 Service scanning
15:00:16.350 Modules scanning
15:00:16.366 Disk 0 trace - called modules:
15:00:16.397 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:00:16.413 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046d5790]
15:00:16.413 3 CLASSPNP.SYS[fffff88001ba143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004086060]
15:00:16.428 Scan finished successfully
15:00:30.297 Disk 0 MBR has been saved successfully to "C:\Users\Bertrand\Desktop\MBR.dat"
15:00:30.297 The log file has been saved successfully to "C:\Users\Bertrand\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 19 August 2012 - 02:31 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 22 August 2012 - 04:59 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 gringo_pr

Posted 25 August 2012 - 05:42 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 zindoz

Posted 27 August 2012 - 08:18 PM

Hey gringo,
Sorry for delay, am traveling for business without my computer
Will finish the procedure as instructed as soon as I come back on Tuesday
Cheers
Bertrand



