
Password and email addresses stolen from my computer


  • This topic is locked
11 replies to this topic

#1 JayoBayo

  • Members
  • 16 posts

Posted 29 August 2012 - 07:44 AM

I've had two suspicious things happen to my computer and need help to check if I have keylogger/malware running: (Windows 7 Professional 64 bit, sp1)

1) A month ago, I received a spam mail addressed to me with 8 accurate addresses of my domain, and no phoney ones. One of those addresses is unusual and is not listed anywhere outside my system, and I never use it, so I'm afraid someone managed to take these addresses from my computer.

2) Three days ago, someone managed to log on to my website (a different domain than the email addresses) and changed the control panel password, and it wasn't brute force because there were no login failures. This password was in plain text on my computer (I missed erasing it), so I am afraid it may have been stolen if someone else has access to my computer.

Because of these two occurrences, I would greatly appreciate it if someone can help me to check if there is anything malicious running on my computer.

Thank you very, very much,

Jonathan

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by csc at 14:20:41 on 2012-08-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4030.2752 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = res://iesetup.dll/SoftAdmin.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 10.101.10.3
TCP: Interfaces\{DC695193-FD74-42B5-BA5C-EBF138AFFC55} : DhcpNameServer = 10.101.10.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120823.013\BHDrvx64.sys [2012-8-28 1161376]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [?]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-6 250056]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-09 10:19:49 -------- d-----w- C:\Users\csc\AppData\Local\Secunia PSI
2012-08-08 11:54:48 -------- d-----w- C:\Softland
2012-08-07 09:39:21 98816 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAW.DLL
2012-08-07 09:39:21 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAW.DLL
2012-08-07 09:39:21 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\3_CNMPDAW.DLL
2012-08-07 09:39:21 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\2_CNMPDAW.DLL
2012-08-07 09:39:21 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\1_CNMPDAW.DLL
2012-08-01 08:52:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-08-01 08:52:26 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-08-01 08:52:26 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-08-01 08:52:26 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-08-01 08:52:26 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-08-01 08:52:26 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-08-01 08:51:47 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-08-01 08:51:47 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-08-01 08:51:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-08-01 08:51:47 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-08-01 08:51:47 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-08-01 08:51:47 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-08-01 08:51:46 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-08-01 08:51:46 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-08-01 08:51:46 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
.
==================== Find3M ====================
.
2012-08-15 15:39:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 15:39:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 08:06:57 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 08:06:57 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-12 08:06:57 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-13 17:42:24 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-13 17:42:24 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-31 13:25:35 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
.
============= FINISH: 14:21:08.92 ===============


 


#2 Oh My!

  • Malware Response Instructor
  • 37,398 posts

Posted 02 September 2012 - 01:41 PM

Greetings JayoBayo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2: If you prefer I call you something other than your screen name I would be pleased to do so.


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!

  • Malware Response Instructor
  • 37,398 posts

Posted 02 September 2012 - 02:11 PM

Greetings JayoBayo,

We need to take a deeper look into your computer. Please perform the following for me.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.



  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.



  • Click Continue > Reboot now to finish the cleaning process.<- Important!!



  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log

Gary
 

#4 JayoBayo

  • Topic Starter
  • Members
  • 16 posts

Posted 02 September 2012 - 03:45 PM

Dear Gary,

Thank you so much for your clear and detailed instructions. The care you are offering is amazing.

I ran TDSSKiller and nothing was found.

Sincerely,

Jonathan

Here is the aswMBR log contents:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 22:20:50
-----------------------------
22:20:50.933 OS Version: Windows x64 6.1.7601 Service Pack 1
22:20:50.933 Number of processors: 2 586 0xF06
22:20:50.933 ComputerName: HUM-28 UserName: csc
22:20:51.673 Initialize success
22:21:58.198 AVAST engine defs: 12090201
22:24:04.747 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
22:24:04.757 Disk 0 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 11
22:24:04.767 Disk 0 MBR read successfully
22:24:04.767 Disk 0 MBR scan
22:24:04.777 Disk 0 Windows 7 default MBR code
22:24:04.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 69999 MB offset 2048
22:24:04.797 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 27392 MB offset 143360000
22:24:04.817 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50001 MB offset 199458816
22:24:04.837 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 5192 MB offset 301861350
22:24:04.887 Disk 0 scanning C:\Windows\system32\drivers
22:24:16.040 Service scanning
22:24:44.663 Modules scanning
22:24:44.663 Disk 0 trace - called modules:
22:24:44.693 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:24:44.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800457d790]
22:24:44.703 3 CLASSPNP.SYS[fffff88001b7d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa800400d060]
22:24:44.983 AVAST engine scan C:\Windows
22:24:46.473 AVAST engine scan C:\Windows\system32
22:28:54.969 AVAST engine scan C:\Windows\system32\drivers
22:29:12.673 AVAST engine scan C:\Users\csc
22:33:26.292 AVAST engine scan C:\ProgramData
22:34:27.322 Scan finished successfully
22:39:35.701 Disk 0 MBR has been saved successfully to "C:\Users\csc\Desktop\MBR.dat"
22:39:35.701 The log file has been saved successfully to "C:\Users\csc\Desktop\aswMBR.txt"

#5 Oh My!

  • Malware Response Instructor
  • 37,398 posts

Posted 02 September 2012 - 04:35 PM

Greetings JayoBayo,


Thank you for your kind words. :blush:

Can you tell me if you have experienced any browser redirects? Going to one site but ending up at another?

We are going to run TDSSKiller again but with a little different twist. Please perform the following.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Verify Driver Digital Signature and Detect TDLFS file system
  • Click OK



  • Click Start Scan and allow the scan process to run



  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue



  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • Any redirects?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
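
A helper reviewing the log that the changed-parameters scan produces can triage it mechanically. The Python sketch below is an added example, not part of the original posts and not a Kaspersky tool. It relies on the TDSSKiller log layout (a `Mode:` line, then a `[ MD5 ] name path` line per scanned object followed by `name - ok`). It assumes that the `SigCheck` and `TDLFS` tokens on the `Mode:` line correspond to the two checkboxes named above. The sample log, its names, hashes and the non-ok wording are constructed.

```python
import re

# Log line: "HH:MM:SS.mmmm <thread id> <message>"; the message may be empty.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Per-object header: "[ <MD5> ] <name> <path>"; names may contain spaces.
HEADER_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.+)$")
MODE_RE = re.compile(r"^Mode:\s*(.*)$")

# Assumption: these Mode tokens match "Verify Driver Digital Signature"
# and "Detect TDLFS file system".
REQUIRED_OPTIONS = ("SigCheck", "TDLFS")

# Constructed sample: names, hashes and the non-ok wording are made up.
# The last object has no verdict line, as in a paste that was cut short.
SAMPLE_LOG = r"""
04:10:37.0596 4340 Scan started
04:10:37.0596 4340 Mode: Manual; SigCheck; TDLFS;
04:10:38.0276 4340 ================ Scan system memory ========================
04:10:38.0276 4340 System memory - ok
04:10:38.0276 4340 ================ Scan services =============================
04:10:38.0406 4340 [ 00000000000000000000000000000001 ] gooddrv C:\Windows\system32\drivers\gooddrv.sys
04:10:38.0526 4340 gooddrv - ok
04:10:38.0546 4340 [ 00000000000000000000000000000002 ] Example Agent Svc C:\Program Files (x86)\Example\agent.exe
04:10:38.0566 4340 Example Agent Svc ( constructed-verdict ) - warning
04:10:38.0596 4340 [ 00000000000000000000000000000003 ] cutoffdrv C:\Windows\system32\drivers\cutoffdrv.sys
"""


def parse_tdsskiller_log(text):
    """Return the scan mode tokens and every scanned object with its verdict lines."""
    report = {"mode": [], "objects": []}
    current = None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines or text that is not part of the log
        msg = line.group(1).strip()
        mode = MODE_RE.match(msg)
        if mode:
            report["mode"] = [t.strip() for t in mode.group(1).split(";") if t.strip()]
            continue
        header = HEADER_RE.match(msg)
        if header:
            current = {"md5": header.group(1).upper(), "name": header.group(2),
                       "path": header.group(3), "verdicts": []}
            report["objects"].append(current)
            continue
        # A verdict line repeats the object's name, then the result.
        if current and msg.startswith(current["name"] + " "):
            current["verdicts"].append(msg[len(current["name"]):].strip())
    return report


def missing_options(report, required=REQUIRED_OPTIONS):
    """Options the helper asked for that the Mode line does not show."""
    return [opt for opt in required if opt not in report["mode"]]


def triage(report):
    """Split objects into clean, needing review, and lacking any verdict."""
    result = {"clean": [], "review": [], "no_verdict": []}
    for obj in report["objects"]:
        if not obj["verdicts"]:
            result["no_verdict"].append(obj["name"])  # truncated log
        elif all(v == "- ok" for v in obj["verdicts"]):
            result["clean"].append(obj["name"])
        else:
            result["review"].append(obj["name"])  # anything other than "- ok"
    return result


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print("Missing options:", missing_options(parsed) or "none")
    for bucket, names in triage(parsed).items():
        print(f"{bucket}: {names}")
```

An object listed under `no_verdict` means the pasted log ended before its result line, so the poster should be asked for the complete file rather than treated as clean.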

#6 JayoBayo

  • Topic Starter
  • Members
  • 16 posts

Posted 03 September 2012 - 09:21 PM

Dear Gary,

I ran the TDSSKiller, but the options available were slightly different than your screenshot showed. I attached a screenshot of how I set it. There were no threats found.

Attached File  TDSKiller.jpg   51.26KB   1 downloads

I have not experienced any browser redirects. In the past it would sometimes happen that I would click on a link and nothing would happen until I clicked again, but that hasn't happened for a couple months.

TDSSKiller Log:

04:08:40.0308 9992 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
04:08:40.0408 9992 ============================================================
04:08:40.0408 9992 Current date / time: 2012/09/04 04:08:40.0408
04:08:40.0408 9992 SystemInfo:
04:08:40.0408 9992
04:08:40.0408 9992 OS Version: 6.1.7601 ServicePack: 1.0
04:08:40.0408 9992 Product type: Workstation
04:08:40.0408 9992 ComputerName: HUM-28
04:08:40.0408 9992 UserName: csc
04:08:40.0408 9992 Windows directory: C:\Windows
04:08:40.0408 9992 System windows directory: C:\Windows
04:08:40.0408 9992 Running under WOW64
04:08:40.0408 9992 Processor architecture: Intel x64
04:08:40.0408 9992 Number of processors: 2
04:08:40.0408 9992 Page size: 0x1000
04:08:40.0408 9992 Boot type: Normal boot
04:08:40.0408 9992 ============================================================
04:08:41.0068 9992 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:08:41.0078 9992 ============================================================
04:08:41.0078 9992 \Device\Harddisk0\DR0:
04:08:41.0078 9992 MBR partitions:
04:08:41.0078 9992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x88B7800
04:08:41.0078 9992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88B8000, BlocksNum 0x3580000
04:08:41.0078 9992 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xBE38000, BlocksNum 0x61A89E6
04:08:41.0078 9992 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x11FE09E6, BlocksNum 0xA24716
04:08:41.0078 9992 ============================================================
04:08:41.0088 9992 C: <-> \Device\Harddisk0\DR0\Partition1
04:08:41.0108 9992 D: <-> \Device\Harddisk0\DR0\Partition2
04:08:41.0128 9992 E: <-> \Device\Harddisk0\DR0\Partition3
04:08:41.0148 9992 X: <-> \Device\Harddisk0\DR0\Partition4
04:08:41.0148 9992 ============================================================
04:08:41.0148 9992 Initialize success
04:08:41.0148 9992 ============================================================
04:10:37.0596 4340 ============================================================
04:10:37.0596 4340 Scan started
04:10:37.0596 4340 Mode: Manual; SigCheck; TDLFS;
04:10:37.0596 4340 ============================================================
04:10:38.0276 4340 ================ Scan system memory ========================
04:10:38.0276 4340 System memory - ok
04:10:40.0177 4340 arc - ok
04:10:40.0187 4340 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
04:10:40.0207 4340 arcsas - ok
04:10:40.0287 4340 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
04:10:40.0297 4340 aspnet_state - ok
04:10:40.0327 4340 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
04:10:40.0397 4340 AsyncMac - ok
04:10:40.0417 4340 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
04:10:40.0427 4340 atapi - ok
04:10:40.0477 4340 ATICDSDr - ok
04:10:40.0497 4340 AtiDCM - ok
04:10:40.0627 4340 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
04:10:40.0787 4340 atikmdag - ok
04:10:40.0827 4340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:10:40.0897 4340 AudioEndpointBuilder - ok
04:10:40.0917 4340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
04:10:40.0957 4340 AudioSrv - ok
04:10:40.0987 4340 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
04:10:41.0057 4340 AxInstSV - ok
04:10:41.0097 4340 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
04:10:41.0177 4340 b06bdrv - ok
04:10:41.0227 4340 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
04:10:41.0277 4340 b57nd60a - ok
04:10:41.0317 4340 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
04:10:41.0367 4340 BDESVC - ok
04:10:41.0427 4340 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
04:10:42.0017 4340 Beep - ok
04:10:42.0067 4340 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
04:10:42.0127 4340 BFE - ok
04:10:42.0367 4340 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120823.013\BHDrvx64.sys
04:10:42.0447 4340 BHDrvx64 - ok
04:10:42.0497 4340 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
04:10:42.0607 4340 BITS - ok
04:10:42.0627 4340 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
04:10:42.0657 4340 blbdrive - ok
04:10:42.0727 4340 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
04:10:42.0747 4340 Bonjour Service - ok
04:10:42.0767 4340 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
04:10:42.0877 4340 bowser - ok
04:10:42.0907 4340 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
04:10:42.0937 4340 BrFiltLo - ok
04:10:42.0957 4340 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
04:10:43.0057 4340 BrFiltUp - ok
04:10:43.0087 4340 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
04:10:43.0127 4340 Browser - ok
04:10:43.0157 4340 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
04:10:43.0247 4340 Brserid - ok
04:10:43.0257 4340 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
04:10:43.0307 4340 BrSerWdm - ok
04:10:43.0357 4340 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
04:10:43.0387 4340 BrUsbMdm - ok
04:10:43.0407 4340 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
04:10:43.0437 4340 BrUsbSer - ok
04:10:43.0457 4340 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
04:10:43.0497 4340 BTHMODEM - ok
04:10:43.0527 4340 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
04:10:43.0597 4340 bthserv - ok
04:10:43.0617 4340 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
04:10:43.0657 4340 cdfs - ok
04:10:43.0697 4340 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
04:10:43.0727 4340 cdrom - ok
04:10:43.0757 4340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
04:10:43.0817 4340 CertPropSvc - ok
04:10:43.0857 4340 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
04:10:43.0887 4340 circlass - ok
04:10:43.0927 4340 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
04:10:43.0947 4340 CLFS - ok
04:10:43.0997 4340 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:10:44.0007 4340 clr_optimization_v2.0.50727_32 - ok
04:10:44.0047 4340 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:10:44.0057 4340 clr_optimization_v2.0.50727_64 - ok
04:10:44.0127 4340 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:10:44.0147 4340 clr_optimization_v4.0.30319_32 - ok
04:10:44.0167 4340 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:10:44.0187 4340 clr_optimization_v4.0.30319_64 - ok
04:10:44.0207 4340 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
04:10:44.0247 4340 CmBatt - ok
04:10:44.0267 4340 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
04:10:44.0277 4340 cmdide - ok
04:10:44.0317 4340 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
04:10:44.0367 4340 CNG - ok
04:10:44.0377 4340 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
04:10:44.0387 4340 Compbatt - ok
04:10:44.0407 4340 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
04:10:44.0437 4340 CompositeBus - ok
04:10:44.0457 4340 COMSysApp - ok
04:10:44.0467 4340 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
04:10:44.0487 4340 crcdisk - ok
04:10:44.0507 4340 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
04:10:44.0557 4340 CryptSvc - ok
04:10:44.0577 4340 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
04:10:44.0647 4340 CSC - ok
04:10:44.0687 4340 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
04:10:44.0747 4340 CscService - ok
04:10:44.0787 4340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
04:10:44.0847 4340 DcomLaunch - ok
04:10:44.0877 4340 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
04:10:44.0927 4340 defragsvc - ok
04:10:44.0957 4340 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
04:10:45.0047 4340 DfsC - ok
04:10:45.0097 4340 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
04:10:45.0237 4340 Dhcp - ok
04:10:45.0267 4340 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
04:10:45.0367 4340 discache - ok
04:10:45.0397 4340 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
04:10:45.0417 4340 Disk - ok
04:10:45.0437 4340 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
04:10:45.0487 4340 dmvsc - ok
04:10:45.0517 4340 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
04:10:45.0567 4340 Dnscache - ok
04:10:45.0587 4340 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
04:10:45.0637 4340 dot3svc - ok
04:10:45.0657 4340 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
04:10:45.0697 4340 DPS - ok
04:10:45.0727 4340 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
04:10:45.0757 4340 drmkaud - ok
04:10:45.0797 4340 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
04:10:45.0847 4340 DXGKrnl - ok
04:10:45.0857 4340 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
04:10:45.0917 4340 EapHost - ok
04:10:45.0997 4340 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
04:10:46.0097 4340 ebdrv - ok
04:10:46.0147 4340 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
04:10:46.0167 4340 eeCtrl - ok
04:10:46.0207 4340 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
04:10:46.0247 4340 EFS - ok
04:10:46.0327 4340 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
04:10:46.0407 4340 ehRecvr - ok
04:10:46.0417 4340 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
04:10:46.0437 4340 ehSched - ok
04:10:46.0477 4340 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
04:10:46.0507 4340 elxstor - ok
04:10:46.0537 4340 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:10:46.0547 4340 EraserUtilRebootDrv - ok
04:10:46.0567 4340 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
04:10:46.0587 4340 ErrDev - ok
04:10:46.0627 4340 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
04:10:46.0677 4340 EventSystem - ok
04:10:46.0698 4340 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
04:10:46.0738 4340 exfat - ok
04:10:46.0768 4340 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
04:10:46.0818 4340 fastfat - ok
04:10:46.0858 4340 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
04:10:46.0938 4340 Fax - ok
04:10:46.0958 4340 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
04:10:46.0978 4340 fdc - ok
04:10:47.0008 4340 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
04:10:47.0058 4340 fdPHost - ok
04:10:47.0078 4340 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
04:10:47.0138 4340 FDResPub - ok
04:10:47.0158 4340 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
04:10:47.0178 4340 FileInfo - ok
04:10:47.0188 4340 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
04:10:47.0228 4340 Filetrace - ok
04:10:47.0238 4340 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
04:10:47.0258 4340 flpydisk - ok
04:10:47.0278 4340 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
04:10:47.0298 4340 FltMgr - ok
04:10:47.0388 4340 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
04:10:47.0518 4340 FontCache - ok
04:10:47.0548 4340 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:10:47.0558 4340 FontCache3.0.0.0 - ok
04:10:47.0578 4340 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
04:10:47.0588 4340 FsDepends - ok
04:10:47.0608 4340 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
04:10:47.0628 4340 Fs_Rec - ok
04:10:47.0658 4340 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
04:10:47.0678 4340 fvevol - ok
04:10:47.0708 4340 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
04:10:47.0718 4340 gagp30kx - ok
04:10:47.0748 4340 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:10:47.0758 4340 GEARAspiWDM - ok
04:10:47.0788 4340 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
04:10:47.0848 4340 gpsvc - ok
04:10:47.0868 4340 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
04:10:47.0918 4340 hcw85cir - ok
04:10:47.0958 4340 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:10:47.0998 4340 HdAudAddService - ok
04:10:48.0028 4340 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
04:10:48.0058 4340 HDAudBus - ok
04:10:48.0088 4340 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
04:10:48.0118 4340 HidBatt - ok
04:10:48.0138 4340 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
04:10:48.0168 4340 HidBth - ok
04:10:48.0188 4340 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
04:10:48.0208 4340 HidIr - ok
04:10:48.0228 4340 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
04:10:48.0278 4340 hidserv - ok
04:10:48.0338 4340 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
04:10:48.0348 4340 HidUsb - ok
04:10:48.0368 4340 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
04:10:48.0428 4340 hkmsvc - ok
04:10:48.0448 4340 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
04:10:48.0508 4340 HomeGroupListener - ok
04:10:48.0528 4340 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
04:10:48.0568 4340 HomeGroupProvider - ok
04:10:48.0598 4340 [ 5E626EA93C77825C56E6FBC2FD5E5DE5 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys
04:10:48.0618 4340 hotcore3 - ok
04:10:48.0648 4340 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
04:10:48.0668 4340 HpSAMD - ok
04:10:48.0688 4340 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
04:10:48.0768 4340 HTTP - ok
04:10:48.0788 4340 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
04:10:48.0798 4340 hwpolicy - ok
04:10:48.0828 4340 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
04:10:48.0848 4340 i8042prt - ok
04:10:48.0878 4340 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
04:10:48.0898 4340 iaStorV - ok
04:10:48.0948 4340 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:10:48.0978 4340 idsvc - ok
04:10:49.0008 4340 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
04:10:49.0018 4340 iirsp - ok
04:10:49.0058 4340 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
04:10:49.0118 4340 IKEEXT - ok
04:10:49.0138 4340 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
04:10:49.0158 4340 intelide - ok
04:10:49.0188 4340 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
04:10:49.0218 4340 intelppm - ok
04:10:49.0238 4340 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
04:10:49.0288 4340 IPBusEnum - ok
04:10:49.0308 4340 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:10:49.0338 4340 IpFilterDriver - ok
04:10:49.0368 4340 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
04:10:49.0418 4340 iphlpsvc - ok
04:10:49.0458 4340 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
04:10:49.0478 4340 IPMIDRV - ok
04:10:49.0488 4340 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
04:10:49.0528 4340 IPNAT - ok
04:10:49.0568 4340 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
04:10:49.0598 4340 iPod Service - ok
04:10:49.0618 4340 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
04:10:49.0638 4340 IRENUM - ok
04:10:49.0658 4340 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
04:10:49.0668 4340 isapnp - ok
04:10:49.0698 4340 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
04:10:49.0718 4340 iScsiPrt - ok
04:10:49.0738 4340 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
04:10:49.0748 4340 kbdclass - ok
04:10:49.0768 4340 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
04:10:49.0798 4340 kbdhid - ok
04:10:49.0808 4340 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
04:10:49.0828 4340 KeyIso - ok
04:10:49.0848 4340 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
04:10:49.0868 4340 KSecDD - ok
04:10:49.0888 4340 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
04:10:49.0908 4340 KSecPkg - ok
04:10:49.0928 4340 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
04:10:49.0978 4340 ksthunk - ok
04:10:50.0018 4340 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
04:10:50.0068 4340 KtmRm - ok
04:10:50.0098 4340 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
04:10:50.0148 4340 LanmanServer - ok
04:10:50.0178 4340 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:10:50.0238 4340 LanmanWorkstation - ok
04:10:50.0268 4340 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
04:10:50.0308 4340 lltdio - ok
04:10:50.0328 4340 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
04:10:50.0388 4340 lltdsvc - ok
04:10:50.0398 4340 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
04:10:50.0438 4340 lmhosts - ok
04:10:50.0488 4340 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
04:10:50.0498 4340 LMIGuardianSvc - ok
04:10:50.0508 4340 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
04:10:50.0518 4340 LMIInfo - ok
04:10:50.0538 4340 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
04:10:50.0558 4340 LMIMaint - ok
04:10:50.0568 4340 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
04:10:50.0578 4340 lmimirr - ok
04:10:50.0608 4340 LMIRfsClientNP - ok
04:10:50.0628 4340 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
04:10:50.0638 4340 LMIRfsDriver - ok
04:10:50.0658 4340 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
04:10:50.0688 4340 LogMeIn - ok
04:10:50.0718 4340 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
04:10:50.0738 4340 LSI_FC - ok
04:10:50.0748 4340 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
04:10:50.0768 4340 LSI_SAS - ok
04:10:50.0778 4340 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
04:10:50.0798 4340 LSI_SAS2 - ok
04:10:50.0808 4340 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
04:10:50.0828 4340 LSI_SCSI - ok
04:10:50.0848 4340 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
04:10:50.0898 4340 luafv - ok
04:10:50.0938 4340 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
04:10:50.0948 4340 Mcx2Svc - ok
04:10:50.0958 4340 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
04:10:50.0978 4340 megasas - ok
04:10:51.0008 4340 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
04:10:51.0028 4340 MegaSR - ok
04:10:51.0068 4340 Microsoft SharePoint Workspace Audit Service - ok
04:10:51.0098 4340 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
04:10:51.0138 4340 MMCSS - ok
04:10:51.0158 4340 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
04:10:51.0198 4340 Modem - ok
04:10:51.0228 4340 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
04:10:51.0258 4340 monitor - ok
04:10:51.0278 4340 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
04:10:51.0298 4340 mouclass - ok
04:10:51.0318 4340 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
04:10:51.0348 4340 mouhid - ok
04:10:51.0378 4340 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
04:10:51.0388 4340 mountmgr - ok
04:10:51.0418 4340 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
04:10:51.0438 4340 mpio - ok
04:10:51.0458 4340 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
04:10:51.0508 4340 mpsdrv - ok
04:10:51.0548 4340 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
04:10:51.0638 4340 MpsSvc - ok
04:10:51.0678 4340 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
04:10:51.0718 4340 MRxDAV - ok
04:10:51.0748 4340 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
04:10:51.0808 4340 mrxsmb - ok
04:10:51.0828 4340 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:10:51.0848 4340 mrxsmb10 - ok
04:10:51.0858 4340 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:10:51.0878 4340 mrxsmb20 - ok
04:10:51.0908 4340 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
04:10:51.0928 4340 msahci - ok
04:10:51.0948 4340 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
04:10:51.0958 4340 msdsm - ok
04:10:51.0978 4340 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
04:10:52.0018 4340 MSDTC - ok
04:10:52.0048 4340 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
04:10:52.0078 4340 Msfs - ok
04:10:52.0098 4340 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
04:10:52.0128 4340 mshidkmdf - ok
04:10:52.0148 4340 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
04:10:52.0158 4340 msisadrv - ok
04:10:52.0198 4340 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
04:10:52.0258 4340 MSiSCSI - ok
04:10:52.0258 4340 msiserver - ok
04:10:52.0288 4340 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
04:10:52.0328 4340 MSKSSRV - ok
04:10:52.0358 4340 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
04:10:52.0458 4340 MSPCLOCK - ok
04:10:52.0488 4340 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
04:10:52.0548 4340 MSPQM - ok
04:10:52.0568 4340 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
04:10:52.0588 4340 MsRPC - ok
04:10:52.0628 4340 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
04:10:52.0638 4340 mssmbios - ok
04:10:52.0658 4340 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
04:10:52.0708 4340 MSTEE - ok
04:10:52.0709 4340 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
04:10:52.0759 4340 MTConfig - ok
04:10:52.0779 4340 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
04:10:52.0789 4340 Mup - ok
04:10:52.0819 4340 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
04:10:52.0869 4340 napagent - ok
04:10:52.0899 4340 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
04:10:52.0939 4340 NativeWifiP - ok
04:10:53.0019 4340 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120903.017\ENG64.SYS
04:10:53.0039 4340 NAVENG - ok
04:10:53.0109 4340 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120903.017\EX64.SYS
04:10:53.0189 4340 NAVEX15 - ok
04:10:53.0229 4340 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
04:10:53.0279 4340 NDIS - ok
04:10:53.0299 4340 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
04:10:53.0349 4340 NdisCap - ok
04:10:53.0399 4340 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
04:10:53.0469 4340 NdisTapi - ok
04:10:53.0479 4340 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
04:10:53.0519 4340 Ndisuio - ok
04:10:53.0549 4340 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
04:10:53.0599 4340 NdisWan - ok
04:10:53.0619 4340 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
04:10:53.0659 4340 NDProxy - ok
04:10:53.0679 4340 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
04:10:53.0729 4340 NetBIOS - ok
04:10:53.0749 4340 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
04:10:53.0789 4340 NetBT - ok
04:10:53.0799 4340 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
04:10:53.0809 4340 Netlogon - ok
04:10:53.0849 4340 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
04:10:53.0909 4340 Netman - ok
04:10:53.0939 4340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:10:53.0969 4340 NetMsmqActivator - ok
04:10:53.0979 4340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:10:53.0989 4340 NetPipeActivator - ok
04:10:54.0029 4340 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
04:10:54.0099 4340 netprofm - ok
04:10:54.0119 4340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:10:54.0129 4340 NetTcpActivator - ok
04:10:54.0139 4340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:10:54.0149 4340 NetTcpPortSharing - ok
04:10:54.0179 4340 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
04:10:54.0199 4340 nfrd960 - ok
04:10:54.0229 4340 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
04:10:54.0289 4340 NlaSvc - ok
04:10:54.0299 4340 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
04:10:54.0339 4340 Npfs - ok
04:10:54.0349 4340 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
04:10:54.0409 4340 nsi - ok
04:10:54.0429 4340 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
04:10:54.0459 4340 nsiproxy - ok
04:10:54.0529 4340 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
04:10:54.0589 4340 Ntfs - ok
04:10:54.0609 4340 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
04:10:54.0649 4340 Null - ok
04:10:54.0669 4340 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
04:10:54.0679 4340 nvraid - ok
04:10:54.0709 4340 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
04:10:54.0729 4340 nvstor - ok
04:10:54.0749 4340 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
04:10:54.0769 4340 nv_agp - ok
04:10:54.0769 4340 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
04:10:54.0789 4340 ohci1394 - ok
04:11:08.0731 4340 ============================================================
04:11:08.0731 4340 Scan finished
04:11:08.0731 4340 ============================================================
04:11:08.0751 6228 Detected object count: 0
04:11:08.0751 6228 Actual detected object count: 0

#7 Oh My!

Posted 03 September 2012 - 09:33 PM

Greetings JayoBayo,

Thank you for the screen shot. It appears Kaspersky recently modified their program.

Thus far I am not finding any evidence of malicious software on your computer. Let's run Malwarebytes and ESET online scanner to see if anything is picked up.

Please do this.


===================================================


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • MBAM results
  • ESET results
  • Are you noticing any current issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 JayoBayo

Posted 04 September 2012 - 04:25 AM

Gary,

The ESET scan came up with no threats found, so I have no report.
The MBAM log is below.
I have no current issues.

MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
csc :: HUM-28 [administrator]

04/09/2012 5:01:05
mbam-log-2012-09-04 (05-01-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 434439
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,398 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:50 AM

Posted 04 September 2012 - 09:04 AM

Greetings JayoBayo,

I can't tell you how it is that someone has obtained your personal information, but what I can tell you is that there is no evidence on your computer that it was obtained through the conduit of malicious software.

Having said that, and given your reporting of no issues with your computer, I am pleased to let you know the Good News!


===================================================


All Clean

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please read the following in order to prevent reinfecting your PC:

  • Install and update the following programs regularly:

    • Outbound firewall.
      If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • Anti-Spyware program
      Malwarebytes Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!

    • I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    • Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well

    • Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!

    • The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
    • In order to provide an example of these vulnerabilities it would be well worth your time to read an article and view a short video by Sophos Lab detailing how Adobe Acrobat can be compromised. This information provides a window into the complex nature of malicious software and the efforts to combat it. Your part is simply installing the hard work done by others to try to keep your computer clean.
Some more links you might find of interest:


We will leave this topic open for just a few days in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

#10 JayoBayo

Posted 04 September 2012 - 05:03 PM

Dear Gary,

Thank you so much for your help! With your incredible help, I know the computer is clean!!!!!!
If I can ever repay you in some way, just let me know.

Sincerely,

Jonathan

#11 Oh My!

Posted 04 September 2012 - 07:18 PM

Jonathan,

Thank you for your kind words. That is more than sufficient payment. It was my pleasure to help you and I thank you for being a great partner!

Gary

#12 Oh My!

Posted 06 September 2012 - 02:47 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



