
Another winrscmde infection


8 replies to this topic

#1 G Bennett


Posted 03 October 2012 - 12:24 PM

I saw in another post that the first step was to run some programs and post the logs to try to get rid of this pesky trojan, so here they are :)

Checkup

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Treasure Seekers: Follow the Ghosts
Java™ 6 Update 29
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


FSS

Farbar Service Scanner Version: 19-09-2012
Ran by Jerry (administrator) on 03-10-2012 at 12:08:23
Running from "C:\Users\Jerry\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2011-07-30 04:04] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 13:08] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 00:58] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 05:53] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2011-07-30 04:04] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2011-07-30 04:04] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2011-07-30 04:02] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2011-07-30 04:02] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2011-07-30 04:02] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2011-07-30 04:04] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2011-07-30 04:04] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 03:30] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-07-30 04:04] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****


Mini tool box

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jerry (administrator) on 03-10-2012 at 12:11:04
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= IP Configuration: ================================

Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Disconnected)
Realtek 8185 Extensible Wireless Device = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.101 metric=1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jerry-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : buffalo.rr.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : buffalo.rr.com
Description . . . . . . . . . . . : Realtek 8185 Extensible Wireless Device
Physical Address. . . . . . . . . : 00-06-4F-80-B5-9F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a4d6:9e3a:a186:ebee%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 03, 2012 10:39:38 AM
Lease Expires . . . . . . . . . . : Thursday, October 04, 2012 10:39:38 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167773775
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-C2-C0-46-00-22-68-67-EA-04
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : buffalo.rr.com
Description . . . . . . . . . . . : isatap.buffalo.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4004:801::100e
74.125.228.67
74.125.228.68
74.125.228.69
74.125.228.70
74.125.228.71
74.125.228.72
74.125.228.73
74.125.228.78
74.125.228.64
74.125.228.65
74.125.228.66


Pinging google.com [74.125.228.64] with 32 bytes of data:
Reply from 74.125.228.64: bytes=32 time=38ms TTL=50
Reply from 74.125.228.64: bytes=32 time=38ms TTL=50

Ping statistics for 74.125.228.64:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 38ms, Average = 38ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1263ms TTL=52
Request timed out.

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 1263ms, Maximum = 1263ms, Average = 1263ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10 ...00 06 4f 80 b5 9f ...... Realtek 8185 Extensible Wireless Device
1 ........................... Software Loopback Interface 1
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.buffalo.rr.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 192.168.1.101 192.168.1.120 26
192.168.1.0 255.255.255.0 On-link 192.168.1.120 281
192.168.1.120 255.255.255.255 On-link 192.168.1.120 281
192.168.1.255 255.255.255.255 On-link 192.168.1.120 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.120 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.120 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.101 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::a4d6:9e3a:a186:ebee/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/03/2012 00:11:20 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x1598, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:11:07 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x11c8, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:10:54 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x120, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:10:40 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x16a4, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:10:26 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0xdbc, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:10:12 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0xaa8, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:09:59 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x141c, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:09:46 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x4b4, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:09:32 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x1410, application start time 0xsvchost.exe0.

Error: (10/03/2012 00:09:18 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x1464, application start time 0xsvchost.exe0.


System errors:
=============
Error: (10/03/2012 11:31:55 AM) (Source: DCOM) (User: )
Description: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (10/03/2012 10:40:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/03/2012 10:39:33 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Quicken PDF Printer with shared resource name Quicken PDF Printer. Error 2114. The printer cannot be used by others on the network.

Error: (10/03/2012 04:20:32 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/03/2012 03:11:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/02/2012 01:23:18 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/02/2012 00:07:39 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/02/2012 04:35:31 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/02/2012 04:04:14 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/01/2012 01:19:20 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Agent2Client
AMD APP SDK Runtime (Version: 2.5.684.213)
AMD Fuel (Version: 2011.0707.2346.40825)
Apple Mobile Device Support (Version: 6.0.0.59)
ATI Catalyst Install Manager (Version: 3.0.833.0)
Bonjour (Version: 3.0.0.10)
Canon MP620 series MP Drivers
ccc-utility64 (Version: 2011.0707.2346.40825)
Dropbox (Version: 1.4.7)
Google Chrome (Version: 22.0.1229.79)
iTunes (Version: 10.7.0.21)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
NVIDIA Drivers
SmartFTP Client (Version: 3.0.1039.0)
ToolkitCMA
Web Optimizer (Version: 2.0.0.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (03/21/2009 6.0.64.0057) (Version: 03/21/2009 6.0.64.0057)

========================= Devices: ================================

Name: isatap.{69205E55-BF50-4A15-A512-6D8AEE36DD8D}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 7934.26 MB
Available physical RAM: 5309.4 MB
Total Pagefile: 16065.02 MB
Available Pagefile: 13348.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.3 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:704.9 GB) NTFS
2 Drive d: () (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JERRY-PC

Administrator Guest Jerry


**** End of log ****


Mbam

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jerry :: JERRY-PC [administrator]

Protection: Enabled

10/3/2012 12:15:51 PM
mbam-log-2012-10-03 (12-15-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213529
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4732 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7472076-FF9D-4325-8EAF-613572008758} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


and finally ASW

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-03 12:29:16
-----------------------------
12:29:16.619 OS Version: Windows x64 6.0.6002 Service Pack 2
12:29:16.619 Number of processors: 4 586 0x203
12:29:16.619 ComputerName: JERRY-PC UserName: Jerry
12:29:20.160 Initialize success
12:30:43.151 AVAST engine defs: 12100301
12:30:56.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:30:56.364 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
12:30:56.364 Device \Driver\atapi -> MajorFunction fffffa8009cfd5e8
12:30:56.380 Disk 0 MBR read successfully
12:30:56.380 Disk 0 MBR scan
12:30:56.380 Disk 0 unknown MBR code
12:30:56.380 Disk 0 MBR hidden
12:30:56.395 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE 0 MB offset 40
12:30:56.395 Disk 0 Partition 1 **INFECTED** MBR:Pihar-D [Rtk]
12:30:56.411 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
12:30:56.426 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938861 MB offset 30734336
12:30:56.458 Disk 0 scanning C:\Windows\system32\drivers
12:31:05.381 Service scanning
12:31:32.790 Modules scanning
12:31:32.790 Disk 0 trace - called modules:
12:31:32.790 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8009cfd5e8]<<hal.dll
12:31:32.806 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b7f790]
12:31:32.806 3 CLASSPNP.SYS[fffffa6000fc9c33] -> nt!IofCallDriver -> [0xfffffa8007bb7520]
12:31:32.806 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007bb3940]
12:31:32.806 \Driver\atapi[0xfffffa80069f7db0] -> IRP_MJ_CREATE -> 0xfffffa8009cfd5e8
12:31:35.660 AVAST engine scan C:\Windows
12:31:43.398 AVAST engine scan C:\Windows\system32
12:38:47.235 AVAST engine scan C:\Windows\system32\drivers
12:41:05.499 AVAST engine scan C:\Users\Jerry
12:54:58.279 AVAST engine scan C:\ProgramData
13:00:12.074 File: C:\ProgramData\Microsoft\Windows\DRM\63C8.tmp.dat **INFECTED** Win32:Alureon-AUY [Trj]
13:00:12.136 File: C:\ProgramData\Microsoft\Windows\DRM\8574.tmp.dat **INFECTED** Win32:Alureon-AUQ [Trj]
13:03:42.799 Scan finished successfully
13:04:05.372 Disk 0 MBR has been saved successfully to "C:\Users\Jerry\Desktop\MBR.dat"
13:04:05.372 The log file has been saved successfully to "C:\Users\Jerry\Desktop\aswMBR.txt"


Those are long :P

Thanks in advance for help with removing this.



#2 narenxp


Posted 03 October 2012 - 01:14 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 G Bennett


Posted 04 October 2012 - 09:40 AM

ESET

:\ProgramData\Microsoft\Windows\DRM\63C8.tmp.dat a variant of Win32/Kryptik.AJUZ trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\8574.tmp.dat Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.10.2012_02.57.25\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.10.2012_02.57.25\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.10.2012_02.57.25\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbgddddidigcgbdhddgcdedbdade\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbgddddidigcgbdhddgcdedbdade\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Jerry\AppData\LocalLow\DictionaryBossEI\Installr\Cache\001A7609.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined


TDSSkiller

03:08:55.0053 3824 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
03:08:55.0319 3824 ============================================================
03:08:55.0319 3824 Current date / time: 2012/10/04 03:08:55.0319
03:08:55.0319 3824 SystemInfo:
03:08:55.0319 3824
03:08:55.0319 3824 OS Version: 6.0.6002 ServicePack: 2.0
03:08:55.0319 3824 Product type: Workstation
03:08:55.0319 3824 ComputerName: JERRY-PC
03:08:55.0319 3824 UserName: Jerry
03:08:55.0319 3824 Windows directory: C:\Windows
03:08:55.0319 3824 System windows directory: C:\Windows
03:08:55.0319 3824 Running under WOW64
03:08:55.0319 3824 Processor architecture: Intel x64
03:08:55.0319 3824 Number of processors: 4
03:08:55.0319 3824 Page size: 0x1000
03:08:55.0319 3824 Boot type: Normal boot
03:08:55.0319 3824 ============================================================
03:08:59.0827 3824 BG loaded
03:09:00.0217 3824 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:09:00.0248 3824 ============================================================
03:09:00.0248 3824 \Device\Harddisk0\DR0:
03:09:00.0248 3824 MBR partitions:
03:09:00.0248 3824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x729B6800
03:09:00.0248 3824 ============================================================
03:09:00.0264 3824 C: <-> \Device\Harddisk0\DR0\Partition1
03:09:00.0264 3824 ============================================================
03:09:00.0264 3824 Initialize success
03:09:00.0264 3824 ============================================================
03:09:05.0960 3448 ============================================================
03:09:05.0960 3448 Scan started
03:09:05.0960 3448 Mode: Manual;
03:09:05.0960 3448 ============================================================
03:09:06.0974 3448 ================ Scan system memory ========================
03:09:06.0974 3448 System memory - ok
03:09:06.0974 3448 ================ Scan services =============================
03:10:02.0466 3448 PNRPsvc - ok
03:10:02.0528 3448 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:10:02.0544 3448 PolicyAgent - ok
03:10:02.0591 3448 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:10:02.0591 3448 PptpMiniport - ok
03:10:02.0606 3448 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
03:10:02.0606 3448 Processor - ok
03:10:02.0669 3448 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
03:10:02.0669 3448 ProfSvc - ok
03:10:02.0684 3448 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
03:10:02.0684 3448 ProtectedStorage - ok
03:10:02.0794 3448 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
03:10:02.0794 3448 PSched - ok
03:10:02.0903 3448 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
03:10:02.0934 3448 PxHlpa64 - ok
03:10:03.0418 3448 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
03:10:03.0527 3448 ql2300 - ok
03:10:03.0589 3448 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
03:10:03.0683 3448 ql40xx - ok
03:10:03.0745 3448 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
03:10:03.0745 3448 QWAVE - ok
03:10:03.0761 3448 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:10:03.0761 3448 QWAVEdrv - ok
03:10:03.0792 3448 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:10:03.0792 3448 RasAcd - ok
03:10:03.0870 3448 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
03:10:03.0870 3448 RasAuto - ok
03:10:03.0932 3448 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:10:03.0932 3448 Rasl2tp - ok
03:10:03.0979 3448 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
03:10:03.0979 3448 RasMan - ok
03:10:04.0010 3448 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:10:04.0010 3448 RasPppoe - ok
03:10:04.0042 3448 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:10:04.0042 3448 RasSstp - ok
03:10:04.0166 3448 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:10:04.0182 3448 rdbss - ok
03:10:04.0198 3448 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:10:04.0198 3448 RDPCDD - ok
03:10:04.0291 3448 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
03:10:04.0307 3448 rdpdr - ok
03:10:04.0338 3448 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:10:04.0338 3448 RDPENCDD - ok
03:10:04.0447 3448 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:10:04.0478 3448 RDPWD - ok
03:10:04.0494 3448 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:10:04.0494 3448 RemoteAccess - ok
03:10:04.0556 3448 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:10:04.0556 3448 RemoteRegistry - ok
03:10:04.0588 3448 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
03:10:04.0588 3448 RimVSerPort - ok
03:10:04.0603 3448 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
03:10:04.0619 3448 ROOTMODEM - ok
03:10:04.0650 3448 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
03:10:04.0650 3448 RpcLocator - ok
03:10:04.0759 3448 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
03:10:04.0775 3448 RpcSs - ok
03:10:04.0806 3448 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:10:04.0806 3448 rspndr - ok
03:10:04.0993 3448 [ 67C7695D3B18682ADDF8419EDA4BBFB8 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
03:10:04.0993 3448 RTHDMIAzAudService - ok
03:10:05.0118 3448 [ CDE8878421B2CDBDCBA4B267ABAFC8F8 ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys
03:10:05.0118 3448 RTL85n64 - ok
03:10:05.0165 3448 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
03:10:05.0165 3448 SamSs - ok
03:10:05.0227 3448 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:10:05.0305 3448 sbp2port - ok
03:10:05.0383 3448 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:10:05.0383 3448 SCardSvr - ok
03:10:05.0492 3448 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
03:10:05.0508 3448 Schedule - ok
03:10:05.0539 3448 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
03:10:05.0539 3448 SCPolicySvc - ok
03:10:05.0602 3448 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:10:05.0602 3448 SDRSVC - ok
03:10:05.0664 3448 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:10:05.0664 3448 secdrv - ok
03:10:05.0680 3448 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
03:10:05.0680 3448 seclogon - ok
03:10:05.0711 3448 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
03:10:05.0711 3448 SENS - ok
03:10:05.0804 3448 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
03:10:05.0851 3448 Serenum - ok
03:10:05.0867 3448 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
03:10:05.0882 3448 Serial - ok
03:10:05.0898 3448 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
03:10:05.0898 3448 sermouse - ok
03:10:05.0945 3448 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
03:10:05.0960 3448 SessionEnv - ok
03:10:05.0976 3448 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:10:05.0976 3448 sffdisk - ok
03:10:05.0976 3448 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:10:06.0007 3448 sffp_mmc - ok
03:10:06.0023 3448 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:10:06.0038 3448 sffp_sd - ok
03:10:06.0085 3448 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
03:10:06.0101 3448 sfloppy - ok
03:10:06.0148 3448 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:10:06.0148 3448 SharedAccess - ok
03:10:06.0335 3448 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:10:06.0335 3448 ShellHWDetection - ok
03:10:06.0413 3448 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
03:10:06.0428 3448 SiSRaid2 - ok
03:10:06.0491 3448 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
03:10:06.0506 3448 SiSRaid4 - ok
03:10:07.0255 3448 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
03:10:07.0474 3448 slsvc - ok
03:10:07.0505 3448 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
03:10:07.0505 3448 SLUINotify - ok
03:10:07.0536 3448 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:10:07.0536 3448 Smb - ok
03:10:07.0598 3448 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:10:07.0598 3448 SNMPTRAP - ok
03:10:07.0645 3448 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
03:10:07.0645 3448 spldr - ok
03:10:07.0692 3448 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
03:10:07.0692 3448 Spooler - ok
03:10:08.0035 3448 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
03:10:08.0207 3448 SRTSP - ok
03:10:08.0269 3448 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
03:10:08.0269 3448 SRTSPX - ok
03:10:08.0456 3448 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
03:10:08.0472 3448 srv - ok
03:10:08.0519 3448 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:10:08.0519 3448 srv2 - ok
03:10:08.0566 3448 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:10:08.0566 3448 srvnet - ok
03:10:08.0628 3448 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:10:08.0628 3448 SSDPSRV - ok
03:10:08.0722 3448 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:10:08.0722 3448 SstpSvc - ok
03:10:08.0800 3448 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
03:10:08.0800 3448 StillCam - ok
03:10:09.0002 3448 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
03:10:09.0002 3448 stisvc - ok
03:10:09.0112 3448 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
03:10:09.0112 3448 swenum - ok
03:10:09.0127 3448 swmsflt - ok
03:10:09.0205 3448 [ 6A7174F929B326CBFAE9227AA13652C2 ] SWNC8UA3 C:\Windows\system32\DRIVERS\swnc8ua3.sys
03:10:09.0268 3448 SWNC8UA3 - ok
03:10:09.0470 3448 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
03:10:09.0486 3448 swprv - ok
03:10:09.0626 3448 [ 6149B0691BEB390A0BDA3A8E90787FD4 ] SWUMXA3 C:\Windows\system32\DRIVERS\swumxa3.sys
03:10:09.0736 3448 SWUMXA3 - ok
03:10:09.0782 3448 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
03:10:09.0798 3448 Symc8xx - ok
03:10:09.0845 3448 SYMDNS - ok
03:10:10.0032 3448 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
03:10:10.0094 3448 SymDS - ok
03:10:10.0219 3448 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
03:10:10.0672 3448 SymEFA - ok
03:10:10.0750 3448 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
03:10:10.0750 3448 SymEvent - ok
03:10:10.0828 3448 SYMFW - ok
03:10:10.0968 3448 [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
03:10:10.0968 3448 SymIM - ok
03:10:11.0062 3448 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
03:10:11.0062 3448 SymIRON - ok
03:10:11.0062 3448 SYMNDISV - ok
03:10:11.0108 3448 SYMREDRV - ok
03:10:11.0249 3448 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1309000.009\SYMTDIV.SYS
03:10:11.0249 3448 SYMTDIv - ok
03:10:11.0264 3448 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
03:10:11.0296 3448 Sym_hi - ok
03:10:11.0389 3448 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
03:10:11.0420 3448 Sym_u3 - ok
03:10:11.0779 3448 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
03:10:11.0779 3448 SysMain - ok
03:10:11.0842 3448 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:10:11.0857 3448 TabletInputService - ok
03:10:11.0951 3448 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
03:10:11.0951 3448 TapiSrv - ok
03:10:12.0076 3448 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
03:10:12.0091 3448 TBS - ok
03:10:12.0481 3448 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:10:12.0856 3448 Tcpip - ok
03:10:13.0090 3448 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
03:10:13.0105 3448 Tcpip6 - ok
03:10:13.0183 3448 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:10:13.0183 3448 tcpipreg - ok
03:10:13.0246 3448 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:10:13.0277 3448 TDPIPE - ok
03:10:13.0308 3448 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:10:13.0339 3448 TDTCP - ok
03:10:13.0417 3448 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:10:13.0417 3448 tdx - ok
03:10:13.0448 3448 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
03:10:13.0448 3448 TermDD - ok
03:10:13.0526 3448 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
03:10:13.0542 3448 TermService - ok
03:10:13.0589 3448 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
03:10:13.0604 3448 Themes - ok
03:10:13.0636 3448 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
03:10:13.0636 3448 THREADORDER - ok
03:10:13.0714 3448 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
03:10:13.0729 3448 TomTomHOMEService - ok
03:10:13.0792 3448 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
03:10:13.0792 3448 TrkWks - ok
03:10:13.0885 3448 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:10:13.0885 3448 TrustedInstaller - ok
03:10:13.0948 3448 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:10:13.0963 3448 tssecsrv - ok
03:10:13.0994 3448 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
03:10:13.0994 3448 tunmp - ok
03:10:14.0104 3448 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
03:10:14.0104 3448 tunnel - ok
03:10:14.0135 3448 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
03:10:14.0166 3448 uagp35 - ok
03:10:14.0275 3448 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
03:10:14.0353 3448 udfs - ok
03:10:14.0416 3448 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
03:10:14.0416 3448 UI0Detect - ok
03:10:14.0462 3448 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
03:10:14.0603 3448 uliagpkx - ok
03:10:14.0821 3448 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
03:10:15.0149 3448 uliahci - ok
03:10:15.0289 3448 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
03:10:15.0414 3448 UlSata - ok
03:10:15.0617 3448 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
03:10:15.0788 3448 ulsata2 - ok
03:10:15.0944 3448 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
03:10:15.0944 3448 umbus - ok
03:10:15.0991 3448 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
03:10:16.0069 3448 UMPass - ok
03:10:16.0272 3448 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
03:10:16.0288 3448 upnphost - ok
03:10:16.0334 3448 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
03:10:16.0412 3448 USBAAPL64 - ok
03:10:16.0615 3448 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
03:10:16.0787 3448 usbaudio - ok
03:10:16.0974 3448 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
03:10:16.0974 3448 usbccgp - ok
03:10:17.0068 3448 [ 8C39D53E1A343F4C47EE8F3C052126D8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
03:10:17.0068 3448 usbcir - ok
03:10:17.0255 3448 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
03:10:17.0255 3448 usbehci - ok
03:10:17.0504 3448 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
03:10:17.0520 3448 usbhub - ok
03:10:17.0567 3448 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
03:10:17.0582 3448 usbohci - ok
03:10:17.0598 3448 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
03:10:17.0660 3448 usbprint - ok
03:10:17.0707 3448 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:10:17.0723 3448 USBSTOR - ok
03:10:17.0816 3448 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
03:10:17.0832 3448 usbuhci - ok
03:10:17.0957 3448 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
03:10:17.0957 3448 UxSms - ok
03:10:18.0191 3448 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
03:10:18.0206 3448 vds - ok
03:10:18.0331 3448 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
03:10:18.0378 3448 vga - ok
03:10:18.0440 3448 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
03:10:18.0440 3448 VgaSave - ok
03:10:18.0534 3448 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
03:10:18.0534 3448 viaide - ok
03:10:18.0643 3448 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
03:10:18.0706 3448 volmgr - ok
03:10:18.0846 3448 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
03:10:19.0002 3448 volmgrx - ok
03:10:19.0080 3448 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
03:10:19.0252 3448 volsnap - ok
03:10:19.0361 3448 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
03:10:19.0454 3448 vsmraid - ok
03:10:20.0000 3448 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
03:10:20.0016 3448 VSS - ok
03:10:20.0173 3448 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
03:10:20.0189 3448 W32Time - ok
03:10:20.0267 3448 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
03:10:20.0329 3448 WacomPen - ok
03:10:20.0391 3448 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
03:10:20.0391 3448 Wanarp - ok
03:10:20.0423 3448 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
03:10:20.0423 3448 Wanarpv6 - ok
03:10:20.0797 3448 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
03:10:20.0813 3448 wcncsvc - ok
03:10:20.0891 3448 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:10:20.0906 3448 WcsPlugInService - ok
03:10:21.0000 3448 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
03:10:21.0079 3448 Wd - ok
03:10:21.0422 3448 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
03:10:22.0093 3448 Wdf01000 - ok
03:10:22.0171 3448 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
03:10:22.0768 3448 WdiServiceHost - ok
03:10:22.0843 3448 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
03:10:22.0847 3448 WdiSystemHost - ok
03:10:22.0991 3448 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
03:10:22.0996 3448 WebClient - ok
03:10:23.0351 3448 [ BA1F739B17583866448566BDBE8B79D3 ] WebOptimizer C:\Windows\system32\dmwu.exe
03:10:23.0366 3448 WebOptimizer - ok
03:10:23.0468 3448 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
03:10:23.0473 3448 Wecsvc - ok
03:10:23.0526 3448 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
03:10:23.0530 3448 wercplsupport - ok
03:10:23.0570 3448 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
03:10:23.0574 3448 WerSvc - ok
03:10:23.0599 3448 WinDefend - ok
03:10:23.0612 3448 WinHttpAutoProxySvc - ok
03:10:24.0006 3448 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
03:10:24.0020 3448 Winmgmt - ok
03:10:24.0918 3448 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
03:10:24.0942 3448 WinRM - ok
03:10:25.0193 3448 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
03:10:25.0202 3448 Wlansvc - ok
03:10:25.0260 3448 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
03:10:25.0261 3448 WmiAcpi - ok
03:10:25.0349 3448 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
03:10:25.0351 3448 wmiApSrv - ok
03:10:25.0393 3448 WMPNetworkSvc - ok
03:10:25.0466 3448 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
03:10:25.0471 3448 WPCSvc - ok
03:10:25.0546 3448 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
03:10:25.0550 3448 WPDBusEnum - ok
03:10:26.0319 3448 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:10:26.0347 3448 WPFFontCache_v0400 - ok
03:10:26.0392 3448 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
03:10:26.0418 3448 ws2ifsl - ok
03:10:26.0453 3448 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
03:10:26.0455 3448 wscsvc - ok
03:10:26.0538 3448 [ DE5F5212AB34221DD1618B5FEFE8DB6C ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
03:10:26.0578 3448 WSDPrintDevice - ok
03:10:26.0582 3448 WSearch - ok
03:10:27.0021 3448 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
03:10:27.0047 3448 wuauserv - ok
03:10:27.0123 3448 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
03:10:27.0125 3448 WUDFRd - ok
03:10:27.0168 3448 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
03:10:27.0172 3448 wudfsvc - ok
03:10:27.0299 3448 [ D433F6726A727B0528F6E39F423FE1FD ] yksvc C:\Windows\System32\ykx64mpcoinst.dll
03:10:27.0307 3448 yksvc - ok
03:10:27.0537 3448 [ D34FAA40D8AF3DB716E67DE203EF62CA ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
03:10:27.0604 3448 yukonx64 - ok
03:10:27.0636 3448 ================ Scan global ===============================
03:10:27.0677 3448 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
03:10:27.0799 3448 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:10:27.0843 3448 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:10:27.0949 3448 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
03:10:27.0953 3448 [Global] - ok
03:10:27.0953 3448 ================ Scan MBR ==================================
03:10:27.0972 3448 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
03:10:30.0718 3448 \Device\Harddisk0\DR0 - ok
03:10:30.0718 3448 ================ Scan VBR ==================================
03:10:30.0758 3448 [ ECE26814405869B69FD7FC065969203C ] \Device\Harddisk0\DR0\Partition1
03:10:30.0849 3448 \Device\Harddisk0\DR0\Partition1 - ok
03:10:30.0850 3448 ============================================================
03:10:30.0850 3448 Scan finished
03:10:30.0850 3448 ============================================================
03:10:30.0866 3440 Detected object count: 0
03:10:30.0866 3440 Actual detected object count: 0
03:14:50.0087 5432 ============================================================
03:14:50.0087 5432 Scan started
03:14:50.0087 5432 Mode: Manual; TDLFS;
03:14:50.0087 5432 ============================================================
03:14:50.0664 5432 ================ Scan system memory ========================
03:14:50.0664 5432 System memory - ok
03:14:50.0664 5432 ================ Scan services =============================
03:14:50.0836 5432 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
03:14:50.0852 5432 ACPI - ok
03:14:51.0023 5432 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
03:14:51.0070 5432 AdobeActiveFileMonitor5.0 - ok
03:14:51.0195 5432 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
03:14:51.0195 5432 AdobeActiveFileMonitor7.0 - ok
03:14:51.0413 5432 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:14:51.0444 5432 AdobeFlashPlayerUpdateSvc - ok
03:14:51.0538 5432 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
03:14:51.0569 5432 adp94xx - ok
03:14:51.0694 5432 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
03:14:51.0694 5432 adpahci - ok
03:14:51.0741 5432 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
03:14:51.0741 5432 adpu160m - ok
03:14:51.0788 5432 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
03:14:51.0803 5432 adpu320 - ok
03:14:51.0819 5432 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
03:14:51.0819 5432 AeLookupSvc - ok
03:14:51.0912 5432 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
03:14:51.0912 5432 AFD - ok
03:14:51.0944 5432 [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
03:14:51.0944 5432 AgereModemAudio - ok
03:14:52.0115 5432 [ 385471F8147E1BD6A08C031E3AAD3910 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
03:14:52.0131 5432 AgereSoftModem - ok
03:14:52.0162 5432 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
03:14:52.0162 5432 agp440 - ok
03:14:52.0256 5432 [ 97DD49CCDB89A22CFCEA78B29D393D87 ] ahcix64s C:\Windows\system32\drivers\ahcix64s.sys
03:14:52.0256 5432 ahcix64s - ok
03:14:52.0287 5432 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
03:14:52.0302 5432 aic78xx - ok
03:14:52.0349 5432 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
03:14:52.0349 5432 ALG - ok
03:14:52.0380 5432 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
03:14:52.0380 5432 aliide - ok
03:14:52.0427 5432 [ 0BDE3222789749571C3D706F0181203D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:14:52.0443 5432 AMD External Events Utility - ok
03:14:52.0521 5432 AMD FUEL Service - ok
03:14:52.0536 5432 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
03:14:52.0536 5432 amdide - ok
03:14:52.0552 5432 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
03:14:52.0568 5432 amdiox64 - ok
03:14:52.0614 5432 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
03:14:52.0614 5432 AmdK8 - ok
03:14:53.0675 5432 [ 75BBD04F450CE109031A215FD4EC667A ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:14:53.0753 5432 amdkmdag - ok
03:14:53.0831 5432 [ ADB8EE976CE4A47C54D39F2581593C03 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
03:14:53.0831 5432 amdkmdap - ok
03:14:53.0894 5432 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
03:14:53.0894 5432 Appinfo - ok
03:14:53.0956 5432 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:14:53.0956 5432 Apple Mobile Device - ok
03:14:53.0987 5432 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
03:14:53.0987 5432 arc - ok
03:14:54.0034 5432 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
03:14:54.0050 5432 arcsas - ok
03:14:54.0065 5432 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
03:14:54.0081 5432 AsyncMac - ok
03:14:54.0081 5432 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
03:14:54.0081 5432 atapi - ok
03:14:54.0705 5432 [ 75BBD04F450CE109031A215FD4EC667A ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:14:54.0798 5432 atikmdag - ok
03:14:54.0845 5432 [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
03:14:54.0845 5432 AtiPcie - ok
03:14:54.0939 5432 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:14:54.0939 5432 AudioEndpointBuilder - ok
03:14:55.0001 5432 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
03:14:55.0001 5432 AudioSrv - ok
03:14:55.0064 5432 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
03:14:55.0064 5432 BFE - ok
03:14:55.0376 5432 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
03:14:55.0391 5432 BHDrvx64 - ok
03:14:55.0469 5432 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
03:14:55.0485 5432 BITS - ok
03:14:55.0563 5432 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
03:14:55.0594 5432 blbdrive - ok
03:14:55.0641 5432 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
03:14:55.0641 5432 Bonjour Service - ok
03:14:55.0672 5432 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
03:14:55.0672 5432 bowser - ok
03:14:55.0688 5432 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
03:14:55.0688 5432 BrFiltLo - ok
03:14:55.0719 5432 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
03:14:55.0719 5432 BrFiltUp - ok
03:14:55.0750 5432 [ 71142FA02068CB93C9319417737C915D ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
03:14:55.0781 5432 Bridge - ok
03:14:55.0781 5432 [ 71142FA02068CB93C9319417737C915D ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
03:14:55.0781 5432 BridgeMP - ok
03:14:55.0844 5432 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
03:14:55.0844 5432 Browser - ok
03:14:55.0875 5432 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
03:14:55.0890 5432 Brserid - ok
03:14:55.0922 5432 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
03:14:55.0922 5432 BrSerWdm - ok
03:14:55.0953 5432 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
03:14:55.0953 5432 BrUsbMdm - ok
03:14:55.0968 5432 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
03:14:55.0968 5432 BrUsbSer - ok
03:14:56.0000 5432 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
03:14:56.0000 5432 BTHMODEM - ok
03:14:56.0093 5432 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
03:14:56.0093 5432 ccSet_NIS - ok
03:14:56.0140 5432 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
03:14:56.0140 5432 cdfs - ok
03:14:56.0187 5432 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
03:14:56.0187 5432 cdrom - ok
03:14:56.0249 5432 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
03:14:56.0249 5432 CertPropSvc - ok
03:14:56.0280 5432 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
03:14:56.0280 5432 circlass - ok
03:14:56.0312 5432 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
03:14:56.0312 5432 CLFS - ok
03:14:56.0405 5432 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:14:56.0405 5432 clr_optimization_v2.0.50727_32 - ok
03:14:56.0452 5432 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:14:56.0452 5432 clr_optimization_v2.0.50727_64 - ok
03:14:56.0530 5432 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:14:56.0530 5432 clr_optimization_v4.0.30319_32 - ok
03:14:56.0592 5432 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:14:56.0592 5432 clr_optimization_v4.0.30319_64 - ok
03:14:56.0608 5432 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
03:14:56.0608 5432 cmdide - ok
03:14:56.0670 5432 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
03:14:56.0670 5432 Compbatt - ok
03:14:56.0686 5432 COMSysApp - ok
03:14:56.0717 5432 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
03:14:56.0717 5432 crcdisk - ok
03:14:56.0748 5432 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
03:14:56.0748 5432 CryptSvc - ok
03:14:56.0795 5432 [ 53C879266EFA8D2FA54B99841392DFAF ] cxpl_mhd C:\Windows\system32\drivers\y_cx88x.sys
03:14:56.0795 5432 cxpl_mhd - ok
03:14:56.0920 5432 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
03:14:56.0936 5432 DcomLaunch - ok
03:14:56.0998 5432 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
03:14:56.0998 5432 DfsC - ok
03:14:57.0123 5432 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
03:14:57.0154 5432 DFSR - ok
03:14:57.0248 5432 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
03:14:57.0263 5432 Dhcp - ok
03:14:57.0326 5432 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
03:14:57.0326 5432 disk - ok
03:14:57.0341 5432 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
03:14:57.0357 5432 Dnscache - ok
03:14:57.0419 5432 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
03:14:57.0419 5432 dot3svc - ok
03:14:57.0482 5432 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
03:14:57.0482 5432 DPS - ok
03:14:57.0544 5432 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
03:14:57.0544 5432 drmkaud - ok
03:14:57.0638 5432 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
03:14:57.0638 5432 DXGKrnl - ok
03:14:57.0700 5432 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
03:14:57.0731 5432 E1G60 - ok
03:14:57.0747 5432 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
03:14:57.0747 5432 EapHost - ok
03:14:57.0778 5432 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
03:14:57.0778 5432 Ecache - ok
03:14:57.0872 5432 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
03:14:57.0872 5432 eeCtrl - ok
03:14:57.0965 5432 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
03:14:57.0981 5432 ehRecvr - ok
03:14:58.0043 5432 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
03:14:58.0043 5432 ehSched - ok
03:14:58.0090 5432 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
03:14:58.0090 5432 ehstart - ok
03:14:58.0230 5432 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
03:14:58.0230 5432 elxstor - ok
03:14:58.0371 5432 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
03:14:58.0371 5432 EMDMgmt - ok
03:14:58.0464 5432 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
03:14:58.0464 5432 EraserUtilRebootDrv - ok
03:14:58.0480 5432 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
03:14:58.0480 5432 ErrDev - ok
03:14:58.0605 5432 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
03:14:58.0620 5432 EventSystem - ok
03:14:58.0730 5432 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
03:14:58.0730 5432 exfat - ok
03:14:58.0745 5432 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
03:14:58.0745 5432 fastfat - ok
03:14:58.0854 5432 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
03:14:58.0854 5432 fdc - ok
03:14:58.0870 5432 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
03:14:58.0870 5432 fdPHost - ok
03:14:58.0901 5432 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
03:14:58.0901 5432 FDResPub - ok
03:14:58.0917 5432 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
03:14:58.0917 5432 FileInfo - ok
03:14:58.0932 5432 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
03:14:58.0964 5432 Filetrace - ok
03:14:58.0995 5432 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
03:14:59.0010 5432 FLEXnet Licensing Service - ok
03:14:59.0073 5432 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
03:14:59.0073 5432 flpydisk - ok
03:14:59.0229 5432 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
03:14:59.0229 5432 FltMgr - ok
03:14:59.0385 5432 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
03:14:59.0400 5432 FontCache - ok
03:14:59.0447 5432 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:14:59.0447 5432 FontCache3.0.0.0 - ok
03:14:59.0478 5432 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
03:14:59.0478 5432 Fs_Rec - ok
03:14:59.0525 5432 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
03:14:59.0525 5432 gagp30kx - ok
03:14:59.0666 5432 [ 4FBCCBDD99A75C9EFBC90392CF32AF61 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
03:14:59.0666 5432 GameConsoleService - ok
03:14:59.0759 5432 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:14:59.0790 5432 GEARAspiWDM - ok
03:14:59.0837 5432 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
03:14:59.0837 5432 gpsvc - ok
03:14:59.0915 5432 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:14:59.0931 5432 gupdate - ok
03:14:59.0962 5432 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:14:59.0962 5432 gupdatem - ok
03:15:00.0040 5432 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
03:15:00.0040 5432 gusvc - ok
03:15:00.0087 5432 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:15:00.0087 5432 HdAudAddService - ok
03:15:00.0258 5432 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
03:15:00.0258 5432 HDAudBus - ok
03:15:00.0352 5432 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
03:15:00.0352 5432 HidBth - ok
03:15:00.0399 5432 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
03:15:00.0399 5432 HidIr - ok
03:15:00.0430 5432 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
03:15:00.0446 5432 hidserv - ok
03:15:00.0477 5432 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
03:15:00.0508 5432 HidUsb - ok
03:15:00.0539 5432 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
03:15:00.0539 5432 hkmsvc - ok
03:15:00.0570 5432 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
03:15:00.0570 5432 HpCISSs - ok
03:15:00.0664 5432 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
03:15:00.0680 5432 HTTP - ok
03:15:00.0711 5432 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
03:15:00.0711 5432 i2omp - ok
03:15:00.0742 5432 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
03:15:00.0742 5432 i8042prt - ok
03:15:00.0804 5432 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
03:15:00.0804 5432 iaStorV - ok
03:15:00.0882 5432 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:15:00.0882 5432 idsvc - ok
03:15:00.0976 5432 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20121002.001\IDSvia64.sys
03:15:00.0976 5432 IDSVia64 - ok
03:15:01.0038 5432 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
03:15:01.0038 5432 iirsp - ok
03:15:01.0101 5432 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
03:15:01.0101 5432 IKEEXT - ok
03:15:01.0241 5432 [ 88798B4381FD58FAE2DA07880C177C5C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
03:15:01.0272 5432 IntcAzAudAddService - ok
03:15:01.0304 5432 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
03:15:01.0335 5432 intelide - ok
03:15:01.0366 5432 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
03:15:01.0366 5432 intelppm - ok
03:15:01.0413 5432 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:15:01.0428 5432 IPBusEnum - ok
03:15:01.0506 5432 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:15:01.0506 5432 IpFilterDriver - ok
03:15:01.0553 5432 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:15:01.0569 5432 iphlpsvc - ok
03:15:01.0569 5432 IpInIp - ok
03:15:01.0631 5432 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
03:15:01.0631 5432 IPMIDRV - ok
03:15:01.0662 5432 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
03:15:01.0662 5432 IPNAT - ok
03:15:01.0725 5432 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
03:15:01.0740 5432 iPod Service - ok
03:15:01.0787 5432 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:15:01.0787 5432 IRENUM - ok
03:15:01.0818 5432 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
03:15:01.0818 5432 isapnp - ok
03:15:01.0850 5432 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
03:15:01.0850 5432 iScsiPrt - ok
03:15:01.0943 5432 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
03:15:01.0943 5432 iteatapi - ok
03:15:01.0974 5432 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
03:15:01.0974 5432 iteraid - ok
03:15:01.0990 5432 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
03:15:01.0990 5432 kbdclass - ok
03:15:02.0037 5432 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
03:15:02.0037 5432 kbdhid - ok
03:15:02.0052 5432 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
03:15:02.0052 5432 KeyIso - ok
03:15:02.0099 5432 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
03:15:02.0115 5432 KSecDD - ok
03:15:02.0177 5432 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
03:15:02.0177 5432 ksthunk - ok
03:15:02.0240 5432 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
03:15:02.0240 5432 KtmRm - ok
03:15:02.0302 5432 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
03:15:02.0302 5432 LanmanServer - ok
03:15:02.0349 5432 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:15:02.0349 5432 LanmanWorkstation - ok
03:15:02.0380 5432 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
03:15:02.0380 5432 lltdio - ok
03:15:02.0474 5432 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
03:15:02.0474 5432 lltdsvc - ok
03:15:02.0536 5432 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
03:15:02.0536 5432 lmhosts - ok
03:15:02.0583 5432 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
03:15:02.0583 5432 LSI_FC - ok
03:15:02.0614 5432 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
03:15:02.0614 5432 LSI_SAS - ok
03:15:02.0661 5432 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
03:15:02.0661 5432 LSI_SCSI - ok
03:15:02.0676 5432 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
03:15:02.0676 5432 luafv - ok
03:15:02.0754 5432 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
03:15:02.0770 5432 MBAMProtector - ok
03:15:02.0848 5432 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
03:15:02.0848 5432 MBAMScheduler - ok
03:15:02.0926 5432 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
03:15:02.0942 5432 MBAMService - ok
03:15:03.0020 5432 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
03:15:03.0035 5432 McComponentHostService - ok
03:15:03.0113 5432 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
03:15:03.0113 5432 Mcx2Svc - ok
03:15:03.0160 5432 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
03:15:03.0160 5432 megasas - ok
03:15:03.0191 5432 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
03:15:03.0207 5432 MegaSR - ok
03:15:03.0207 5432 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
03:15:03.0222 5432 MMCSS - ok
03:15:03.0238 5432 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
03:15:03.0238 5432 Modem - ok
03:15:03.0285 5432 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:15:03.0300 5432 monitor - ok
03:15:03.0378 5432 [ 98A10AC4257A3BA48C9611338544EE49 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
03:15:03.0378 5432 MotoHelper - ok
03:15:03.0472 5432 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:15:03.0503 5432 mouclass - ok
03:15:03.0550 5432 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:15:03.0550 5432 mouhid - ok
03:15:03.0612 5432 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
03:15:03.0612 5432 MountMgr - ok
03:15:03.0659 5432 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:15:03.0659 5432 MozillaMaintenance - ok
03:15:03.0690 5432 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
03:15:03.0690 5432 mpio - ok
03:15:03.0706 5432 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:15:03.0706 5432 mpsdrv - ok
03:15:03.0815 5432 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
03:15:03.0831 5432 MpsSvc - ok
03:15:03.0862 5432 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
03:15:03.0862 5432 Mraid35x - ok
03:15:03.0924 5432 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:15:03.0924 5432 MRxDAV - ok
03:15:03.0971 5432 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:15:04.0002 5432 mrxsmb - ok
03:15:04.0034 5432 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:15:04.0034 5432 mrxsmb10 - ok
03:15:04.0096 5432 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:15:04.0096 5432 mrxsmb20 - ok
03:15:04.0127 5432 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
03:15:04.0127 5432 msahci - ok
03:15:04.0158 5432 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
03:15:04.0158 5432 msdsm - ok
03:15:04.0174 5432 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
03:15:04.0190 5432 MSDTC - ok
03:15:04.0221 5432 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:15:04.0221 5432 Msfs - ok
03:15:04.0268 5432 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:15:04.0268 5432 msisadrv - ok
03:15:04.0330 5432 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:15:04.0330 5432 MSiSCSI - ok
03:15:04.0330 5432 msiserver - ok
03:15:04.0346 5432 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:15:04.0346 5432 MSKSSRV - ok
03:15:04.0377 5432 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:15:04.0377 5432 MSPCLOCK - ok
03:15:04.0408 5432 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:15:04.0408 5432 MSPQM - ok
03:15:04.0470 5432 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:15:04.0470 5432 MsRPC - ok
03:15:04.0533 5432 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:15:04.0533 5432 mssmbios - ok
03:15:04.0548 5432 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:15:04.0548 5432 MSTEE - ok
03:15:04.0611 5432 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
03:15:04.0611 5432 Mup - ok
03:15:04.0673 5432 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
03:15:04.0689 5432 napagent - ok
03:15:04.0720 5432 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:15:04.0720 5432 NativeWifiP - ok
03:15:04.0829 5432 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20121002.025\ENG64.SYS
03:15:04.0829 5432 NAVENG - ok
03:15:04.0970 5432 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20121002.025\EX64.SYS
03:15:04.0985 5432 NAVEX15 - ok
03:15:05.0094 5432 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
03:15:05.0110 5432 NDIS - ok
03:15:05.0157 5432 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:15:05.0157 5432 NdisTapi - ok
03:15:05.0188 5432 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:15:05.0188 5432 Ndisuio - ok
03:15:05.0219 5432 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:15:05.0219 5432 NdisWan - ok
03:15:05.0266 5432 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:15:05.0266 5432 NDProxy - ok
03:15:05.0282 5432 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:15:05.0282 5432 NetBIOS - ok
03:15:05.0344 5432 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
03:15:05.0344 5432 netbt - ok
03:15:05.0360 5432 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
03:15:05.0360 5432 Netlogon - ok
03:15:05.0438 5432 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
03:15:05.0438 5432 Netman - ok
03:15:05.0484 5432 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
03:15:05.0500 5432 netprofm - ok
03:15:05.0547 5432 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:15:05.0547 5432 NetTcpPortSharing - ok
03:15:05.0578 5432 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
03:15:05.0594 5432 nfrd960 - ok
03:15:05.0921 5432 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
03:15:05.0921 5432 NIS - ok
03:15:05.0937 5432 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
03:15:05.0952 5432 NlaSvc - ok
03:15:05.0984 5432 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:15:05.0984 5432 Npfs - ok
03:15:06.0015 5432 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
03:15:06.0015 5432 nsi - ok
03:15:06.0046 5432 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:15:06.0046 5432 nsiproxy - ok
03:15:06.0311 5432 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:15:06.0327 5432 Ntfs - ok
03:15:06.0374 5432 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
03:15:06.0406 5432 Null - ok
03:15:06.0437 5432 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:15:06.0437 5432 nvraid - ok
03:15:06.0468 5432 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:15:06.0468 5432 nvstor - ok
03:15:06.0499 5432 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
03:15:06.0515 5432 nv_agp - ok
03:15:06.0515 5432 NwlnkFlt - ok
03:15:06.0531 5432 NwlnkFwd - ok
03:15:06.0624 5432 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:15:06.0655 5432 odserv - ok
03:15:06.0718 5432 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
03:15:06.0718 5432 ohci1394 - ok
03:15:06.0749 5432 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:15:06.0749 5432 ose - ok
03:15:06.0889 5432 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
03:15:06.0889 5432 p2pimsvc - ok
03:15:06.0921 5432 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
03:15:06.0921 5432 p2psvc - ok
03:15:06.0999 5432 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
03:15:06.0999 5432 Parport - ok
03:15:07.0030 5432 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:15:07.0030 5432 partmgr - ok
03:15:07.0061 5432 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
03:15:07.0077 5432 PcaSvc - ok
03:15:07.0123 5432 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
03:15:07.0123 5432 pci - ok
03:15:07.0186 5432 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
03:15:07.0201 5432 pciide - ok
03:15:07.0279 5432 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
03:15:07.0279 5432 pcmcia - ok
03:15:07.0326 5432 PCTINDIS5X64 - ok
03:15:07.0373 5432 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:15:07.0373 5432 PEAUTH - ok
03:15:07.0560 5432 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:15:07.0560 5432 PerfHost - ok
03:15:07.0794 5432 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
03:15:07.0810 5432 pla - ok
03:15:07.0872 5432 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:15:07.0888 5432 PlugPlay - ok
03:15:08.0028 5432 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
03:15:08.0044 5432 PNRPAutoReg - ok
03:15:08.0137 5432 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
03:15:08.0153 5432 PNRPsvc - ok
03:15:08.0278 5432 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:15:08.0293 5432 PolicyAgent - ok
03:15:08.0371 5432 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:15:08.0371 5432 PptpMiniport - ok
03:15:08.0449 5432 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
03:15:08.0449 5432 Processor - ok
03:15:08.0527 5432 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
03:15:08.0527 5432 ProfSvc - ok
03:15:08.0559 5432 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
03:15:08.0559 5432 ProtectedStorage - ok
03:15:08.0590 5432 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
03:15:08.0590 5432 PSched - ok
03:15:08.0621 5432 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
03:15:08.0652 5432 PxHlpa64 - ok
03:15:08.0683 5432 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
03:15:08.0699 5432 ql2300 - ok
03:15:08.0761 5432 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
03:15:08.0761 5432 ql40xx - ok
03:15:08.0824 5432 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
03:15:08.0855 5432 QWAVE - ok
03:15:08.0917 5432 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:15:08.0917 5432 QWAVEdrv - ok
03:15:08.0933 5432 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:15:08.0933 5432 RasAcd - ok
03:15:08.0995 5432 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
03:15:08.0995 5432 RasAuto - ok
03:15:09.0073 5432 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:15:09.0073 5432 Rasl2tp - ok
03:15:09.0151 5432 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
03:15:09.0151 5432 RasMan - ok
03:15:09.0183 5432 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:15:09.0198 5432 RasPppoe - ok
03:15:09.0261 5432 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:15:09.0261 5432 RasSstp - ok
03:15:09.0292 5432 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:15:09.0292 5432 rdbss - ok
03:15:09.0370 5432 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:15:09.0370 5432 RDPCDD - ok
03:15:09.0448 5432 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
03:15:09.0448 5432 rdpdr - ok
03:15:09.0479 5432 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:15:09.0479 5432 RDPENCDD - ok
03:15:09.0588 5432 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:15:09.0588 5432 RDPWD - ok
03:15:09.0682 5432 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:15:09.0729 5432 RemoteAccess - ok
03:15:09.0760 5432 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:15:09.0775 5432 RemoteRegistry - ok
03:15:09.0791 5432 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
03:15:09.0791 5432 RimVSerPort - ok
03:15:09.0822 5432 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
03:15:09.0822 5432 ROOTMODEM - ok
03:15:09.0838 5432 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
03:15:09.0838 5432 RpcLocator - ok
03:15:10.0056 5432 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
03:15:19.0151 5432 ================ Scan global ===============================
03:15:19.0167 5432 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
03:15:19.0213 5432 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:15:19.0213 5432 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:15:19.0307 5432 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
03:15:19.0307 5432 [Global] - ok
03:15:19.0307 5432 ================ Scan MBR ==================================
03:15:19.0354 5432 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
03:15:23.0035 5432 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:15:23.0035 5432 \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:15:23.0035 5432 ================ Scan VBR ==================================
03:15:23.0129 5432 [ ECE26814405869B69FD7FC065969203C ] \Device\Harddisk0\DR0\Partition1
03:15:23.0145 5432 \Device\Harddisk0\DR0\Partition1 - ok
03:15:23.0145 5432 ============================================================
03:15:23.0145 5432 Scan finished
03:15:23.0145 5432 ============================================================
03:15:23.0145 5580 Detected object count: 1
03:15:23.0145 5580 Actual detected object count: 1
03:15:36.0249 5580 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
03:15:36.0249 5580 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


The aswMBR is in the original post; I can rerun it if you want.

#4 narenxp

  • BC Advisor
  • 16,371 posts

Posted 04 October 2012 - 09:42 AM

Run Malwarebytes again and post the new log.

Run TDSSKiller and select DELETE.

03:15:36.0249 5580 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Download adware cleaner.

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool.

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download Autoruns.

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE-SAVE.

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 G Bennett

  • Topic Starter

  • Members
  • 5 posts

Posted 05 October 2012 - 12:07 AM

Ok, the winrscmde is no longer showing and the computer seems faster. Here are the latest logs to see if there is anything else that can be removed :)

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jerry :: JERRY-PC [administrator]

Protection: Enabled

10/3/2012 12:15:51 PM
mbam-log-2012-10-03 (12-15-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213529
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4732 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7472076-FF9D-4325-8EAF-613572008758} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


14:08:26.0815 1436 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:08:27.0173 1436 ============================================================
14:08:27.0173 1436 Current date / time: 2012/10/04 14:08:27.0173
14:08:27.0173 1436 SystemInfo:
14:08:27.0173 1436
14:08:27.0173 1436 OS Version: 6.0.6002 ServicePack: 2.0
14:08:27.0173 1436 Product type: Workstation
14:08:27.0173 1436 ComputerName: JERRY-PC
14:08:27.0173 1436 UserName: Jerry
14:08:27.0173 1436 Windows directory: C:\Windows
14:08:27.0173 1436 System windows directory: C:\Windows
14:08:27.0173 1436 Running under WOW64
14:08:27.0173 1436 Processor architecture: Intel x64
14:08:27.0173 1436 Number of processors: 4
14:08:27.0173 1436 Page size: 0x1000
14:08:27.0173 1436 Boot type: Normal boot
14:08:27.0173 1436 ============================================================
14:08:28.0827 1436 BG loaded
14:08:29.0326 1436 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:08:29.0373 1436 ============================================================
14:08:29.0373 1436 \Device\Harddisk0\DR0:
14:08:29.0373 1436 MBR partitions:
14:08:29.0373 1436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x729B6800
14:08:29.0373 1436 ============================================================
14:08:29.0404 1436 C: <-> \Device\Harddisk0\DR0\Partition1
14:08:29.0404 1436 ============================================================
14:08:29.0404 1436 Initialize success
14:08:29.0404 1436 ============================================================
14:08:50.0620 0444 ============================================================
14:08:50.0620 0444 Scan started
14:08:50.0620 0444 Mode: Manual; TDLFS;
14:08:50.0620 0444 ============================================================
14:08:51.0556 0444 ================ Scan system memory ========================
14:08:51.0556 0444 System memory - ok
14:08:51.0556 0444 ================ Scan services =============================
14:08:56.0486 0444 eeCtrl - ok
14:08:56.0517 0444 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:08:56.0517 0444 ehRecvr - ok
14:08:56.0533 0444 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
14:08:56.0533 0444 ehSched - ok
14:08:56.0579 0444 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
14:08:56.0579 0444 ehstart - ok
14:08:56.0611 0444 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:08:56.0626 0444 elxstor - ok
14:08:56.0657 0444 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:08:56.0673 0444 EMDMgmt - ok
14:08:56.0735 0444 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:08:56.0735 0444 EraserUtilRebootDrv - ok
14:08:56.0735 0444 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:08:56.0735 0444 ErrDev - ok
14:08:56.0798 0444 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
14:08:56.0813 0444 EventSystem - ok
14:08:56.0845 0444 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
14:08:56.0845 0444 exfat - ok
14:08:56.0860 0444 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:08:56.0860 0444 fastfat - ok
14:08:56.0876 0444 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:08:56.0876 0444 fdc - ok
14:08:56.0907 0444 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
14:08:56.0907 0444 fdPHost - ok
14:08:56.0923 0444 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
14:08:56.0923 0444 FDResPub - ok
14:08:56.0938 0444 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:08:56.0938 0444 FileInfo - ok
14:08:56.0954 0444 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:08:56.0954 0444 Filetrace - ok
14:08:57.0032 0444 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:08:57.0032 0444 FLEXnet Licensing Service - ok
14:08:57.0047 0444 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:08:57.0047 0444 flpydisk - ok
14:08:57.0079 0444 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:08:57.0079 0444 FltMgr - ok
14:08:57.0188 0444 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
14:08:57.0203 0444 FontCache - ok
14:08:57.0235 0444 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:08:57.0235 0444 FontCache3.0.0.0 - ok
14:08:57.0266 0444 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:08:57.0266 0444 Fs_Rec - ok
14:08:57.0297 0444 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:08:57.0297 0444 gagp30kx - ok
14:08:57.0391 0444 [ 4FBCCBDD99A75C9EFBC90392CF32AF61 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
14:08:57.0391 0444 GameConsoleService - ok
14:08:57.0422 0444 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:08:57.0422 0444 GEARAspiWDM - ok
14:08:57.0453 0444 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
14:08:57.0469 0444 gpsvc - ok
14:08:57.0547 0444 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:57.0547 0444 gupdate - ok
14:08:57.0578 0444 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:57.0578 0444 gupdatem - ok
14:08:57.0640 0444 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:08:57.0640 0444 gusvc - ok
14:08:57.0687 0444 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:08:57.0703 0444 HdAudAddService - ok
14:08:57.0734 0444 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:08:57.0749 0444 HDAudBus - ok
14:08:57.0781 0444 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:08:57.0781 0444 HidBth - ok
14:08:57.0827 0444 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:08:57.0827 0444 HidIr - ok
14:08:57.0843 0444 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
14:08:57.0843 0444 hidserv - ok
14:08:57.0874 0444 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:08:57.0874 0444 HidUsb - ok
14:08:57.0890 0444 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
14:08:57.0890 0444 hkmsvc - ok
14:08:57.0937 0444 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:08:57.0937 0444 HpCISSs - ok
14:08:57.0983 0444 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:08:57.0999 0444 HTTP - ok
14:08:58.0030 0444 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:08:58.0030 0444 i2omp - ok
14:08:58.0077 0444 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:08:58.0077 0444 i8042prt - ok
14:08:58.0108 0444 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:08:58.0108 0444 iaStorV - ok
14:08:58.0186 0444 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:08:58.0202 0444 idsvc - ok
14:08:58.0311 0444 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20121003.001\IDSvia64.sys
14:08:58.0327 0444 IDSVia64 - ok
14:08:58.0373 0444 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:08:58.0373 0444 iirsp - ok
14:08:58.0420 0444 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
14:08:58.0420 0444 IKEEXT - ok
14:08:58.0545 0444 [ 88798B4381FD58FAE2DA07880C177C5C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:08:58.0607 0444 IntcAzAudAddService - ok
14:08:58.0623 0444 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
14:08:58.0623 0444 intelide - ok
14:08:58.0654 0444 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:08:58.0654 0444 intelppm - ok
14:08:58.0717 0444 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:08:58.0717 0444 IPBusEnum - ok
14:08:58.0732 0444 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:08:58.0732 0444 IpFilterDriver - ok
14:08:58.0763 0444 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:08:58.0763 0444 iphlpsvc - ok
14:08:58.0763 0444 IpInIp - ok
14:08:58.0795 0444 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:08:58.0795 0444 IPMIDRV - ok
14:08:58.0810 0444 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:08:58.0826 0444 IPNAT - ok
14:08:58.0888 0444 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:08:58.0888 0444 iPod Service - ok
14:08:58.0904 0444 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:08:58.0904 0444 IRENUM - ok
14:08:58.0951 0444 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:08:58.0951 0444 isapnp - ok
14:08:59.0013 0444 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:08:59.0013 0444 iScsiPrt - ok
14:08:59.0044 0444 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:08:59.0044 0444 iteatapi - ok
14:08:59.0075 0444 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:08:59.0075 0444 iteraid - ok
14:08:59.0091 0444 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:08:59.0091 0444 kbdclass - ok
14:08:59.0122 0444 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:08:59.0122 0444 kbdhid - ok
14:08:59.0138 0444 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
14:08:59.0153 0444 KeyIso - ok
14:08:59.0185 0444 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:08:59.0185 0444 KSecDD - ok
14:08:59.0247 0444 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:08:59.0247 0444 ksthunk - ok
14:08:59.0325 0444 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
14:08:59.0325 0444 KtmRm - ok
14:08:59.0356 0444 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:08:59.0356 0444 LanmanServer - ok
14:08:59.0419 0444 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:08:59.0419 0444 LanmanWorkstation - ok
14:08:59.0434 0444 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:08:59.0434 0444 lltdio - ok
14:08:59.0465 0444 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:08:59.0465 0444 lltdsvc - ok
14:08:59.0497 0444 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:08:59.0497 0444 lmhosts - ok
14:08:59.0543 0444 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:08:59.0543 0444 LSI_FC - ok
14:08:59.0559 0444 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:08:59.0559 0444 LSI_SAS - ok
14:08:59.0575 0444 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:08:59.0575 0444 LSI_SCSI - ok
14:08:59.0606 0444 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
14:08:59.0606 0444 luafv - ok
14:08:59.0653 0444 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:08:59.0653 0444 MBAMProtector - ok
14:08:59.0684 0444 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:08:59.0684 0444 MBAMScheduler - ok
14:08:59.0715 0444 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:08:59.0715 0444 MBAMService - ok
14:08:59.0793 0444 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
14:08:59.0793 0444 McComponentHostService - ok
14:08:59.0840 0444 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:08:59.0855 0444 Mcx2Svc - ok
14:08:59.0902 0444 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
14:08:59.0902 0444 megasas - ok
14:08:59.0965 0444 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:08:59.0965 0444 MegaSR - ok
14:08:59.0980 0444 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
14:08:59.0980 0444 MMCSS - ok
14:08:59.0996 0444 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
14:08:59.0996 0444 Modem - ok
14:09:00.0011 0444 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:09:00.0027 0444 monitor - ok
14:09:00.0089 0444 [ 98A10AC4257A3BA48C9611338544EE49 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
14:09:00.0105 0444 MotoHelper - ok
14:09:00.0105 0444 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:09:00.0121 0444 mouclass - ok
14:09:00.0167 0444 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:09:00.0167 0444 mouhid - ok
14:09:00.0199 0444 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:09:00.0199 0444 MountMgr - ok
14:09:00.0277 0444 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:09:00.0277 0444 MozillaMaintenance - ok
14:09:00.0323 0444 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
14:09:00.0323 0444 mpio - ok
14:09:00.0355 0444 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:09:00.0355 0444 mpsdrv - ok
14:09:00.0386 0444 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
14:09:00.0401 0444 MpsSvc - ok
14:09:00.0433 0444 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:09:00.0433 0444 Mraid35x - ok
14:09:00.0464 0444 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:09:00.0464 0444 MRxDAV - ok
14:09:00.0479 0444 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:00.0495 0444 mrxsmb - ok
14:09:00.0511 0444 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:00.0511 0444 mrxsmb10 - ok
14:09:00.0526 0444 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:00.0526 0444 mrxsmb20 - ok
14:09:00.0557 0444 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
14:09:00.0557 0444 msahci - ok
14:09:00.0573 0444 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:09:00.0573 0444 msdsm - ok
14:09:00.0604 0444 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
14:09:00.0604 0444 MSDTC - ok
14:09:00.0635 0444 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:09:00.0635 0444 Msfs - ok
14:09:00.0682 0444 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:09:00.0682 0444 msisadrv - ok
14:09:00.0713 0444 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:09:00.0713 0444 MSiSCSI - ok
14:09:00.0729 0444 msiserver - ok
14:09:00.0776 0444 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:09:00.0776 0444 MSKSSRV - ok
14:09:00.0791 0444 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:00.0791 0444 MSPCLOCK - ok
14:09:00.0823 0444 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:09:00.0823 0444 MSPQM - ok
14:09:00.0854 0444 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:09:00.0869 0444 MsRPC - ok
14:09:00.0869 0444 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:09:00.0869 0444 mssmbios - ok
14:09:00.0885 0444 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:09:00.0885 0444 MSTEE - ok
14:09:00.0901 0444 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
14:09:00.0901 0444 Mup - ok
14:09:00.0932 0444 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
14:09:00.0932 0444 napagent - ok
14:09:00.0994 0444 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:09:00.0994 0444 NativeWifiP - ok
14:09:01.0088 0444 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20121003.032\ENG64.SYS
14:09:01.0088 0444 NAVENG - ok
14:09:01.0135 0444 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20121003.032\EX64.SYS
14:09:01.0166 0444 NAVEX15 - ok
14:09:01.0228 0444 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:09:01.0244 0444 NDIS - ok
14:09:01.0259 0444 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:01.0259 0444 NdisTapi - ok
14:09:01.0275 0444 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:01.0275 0444 Ndisuio - ok
14:09:01.0291 0444 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:01.0291 0444 NdisWan - ok
14:09:01.0306 0444 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:09:01.0306 0444 NDProxy - ok
14:09:01.0322 0444 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:09:01.0337 0444 NetBIOS - ok
14:09:01.0353 0444 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:09:01.0353 0444 netbt - ok
14:09:01.0369 0444 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
14:09:01.0369 0444 Netlogon - ok
14:09:01.0384 0444 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
14:09:01.0400 0444 Netman - ok
14:09:01.0415 0444 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
14:09:01.0415 0444 netprofm - ok
14:09:01.0462 0444 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:09:01.0462 0444 NetTcpPortSharing - ok
14:09:01.0493 0444 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:09:01.0493 0444 nfrd960 - ok
14:09:01.0603 0444 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
14:09:01.0603 0444 NIS - ok
14:09:01.0618 0444 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
14:09:01.0634 0444 NlaSvc - ok
14:09:01.0649 0444 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:09:01.0649 0444 Npfs - ok
14:09:01.0665 0444 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
14:09:01.0665 0444 nsi - ok
14:09:01.0681 0444 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:09:01.0681 0444 nsiproxy - ok
14:09:01.0743 0444 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:09:01.0774 0444 Ntfs - ok
14:09:01.0790 0444 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
14:09:01.0790 0444 Null - ok
14:09:01.0805 0444 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:09:01.0805 0444 nvraid - ok
14:09:01.0837 0444 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:09:01.0837 0444 nvstor - ok
14:09:01.0852 0444 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:09:01.0852 0444 nv_agp - ok
14:09:01.0868 0444 NwlnkFlt - ok
14:09:01.0868 0444 NwlnkFwd - ok
14:09:01.0946 0444 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:09:01.0946 0444 odserv - ok
14:09:02.0008 0444 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:09:02.0008 0444 ohci1394 - ok
14:09:02.0024 0444 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:09:02.0024 0444 ose - ok
14:09:02.0071 0444 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:09:02.0086 0444 p2pimsvc - ok
14:09:02.0102 0444 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
14:09:02.0117 0444 p2psvc - ok
14:09:02.0149 0444 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
14:09:02.0149 0444 Parport - ok
14:09:02.0195 0444 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:09:02.0195 0444 partmgr - ok
14:09:02.0227 0444 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
14:09:02.0242 0444 PcaSvc - ok
14:09:02.0273 0444 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
14:09:02.0273 0444 pci - ok
14:09:02.0320 0444 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
14:09:02.0320 0444 pciide - ok
14:09:02.0351 0444 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:09:02.0367 0444 pcmcia - ok
14:09:02.0383 0444 PCTINDIS5X64 - ok
14:09:02.0429 0444 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:09:02.0429 0444 PEAUTH - ok
14:09:02.0492 0444 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:09:02.0492 0444 PerfHost - ok
14:09:02.0585 0444 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
14:09:02.0617 0444 pla - ok
14:09:02.0648 0444 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:09:02.0648 0444 PlugPlay - ok
14:09:02.0679 0444 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:09:02.0695 0444 PNRPAutoReg - ok
14:09:02.0710 0444 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:09:02.0710 0444 PNRPsvc - ok
14:09:02.0757 0444 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:09:02.0757 0444 PolicyAgent - ok
14:09:02.0788 0444 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:09:02.0788 0444 PptpMiniport - ok
14:09:02.0819 0444 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:09:02.0819 0444 Processor - ok
14:09:02.0835 0444 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
14:09:02.0851 0444 ProfSvc - ok
14:09:02.0851 0444 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
14:09:02.0851 0444 ProtectedStorage - ok
14:09:02.0882 0444 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:09:02.0882 0444 PSched - ok
14:09:02.0897 0444 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:09:02.0913 0444 PxHlpa64 - ok
14:09:02.0960 0444 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:09:02.0975 0444 ql2300 - ok
14:09:02.0991 0444 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:09:03.0007 0444 ql40xx - ok
14:09:03.0038 0444 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
14:09:03.0053 0444 QWAVE - ok
14:09:03.0053 0444 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:09:03.0069 0444 QWAVEdrv - ok
14:09:03.0069 0444 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:09:03.0069 0444 RasAcd - ok
14:09:03.0131 0444 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
14:09:03.0131 0444 RasAuto - ok
14:09:03.0163 0444 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:03.0163 0444 Rasl2tp - ok
14:09:03.0163 0444 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
14:09:03.0178 0444 RasMan - ok
14:09:03.0194 0444 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:03.0194 0444 RasPppoe - ok
14:09:03.0209 0444 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:09:03.0209 0444 RasSstp - ok
14:09:03.0241 0444 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:09:03.0241 0444 rdbss - ok
14:09:03.0256 0444 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:03.0272 0444 RDPCDD - ok
14:09:03.0303 0444 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:09:03.0303 0444 rdpdr - ok
14:09:03.0319 0444 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:09:03.0319 0444 RDPENCDD - ok
14:09:03.0365 0444 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:09:03.0365 0444 RDPWD - ok
14:09:03.0397 0444 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:09:03.0397 0444 RemoteAccess - ok
14:09:03.0428 0444 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:09:03.0428 0444 RemoteRegistry - ok
14:09:03.0459 0444 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
14:09:03.0459 0444 RimVSerPort - ok
14:09:03.0459 0444 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
14:09:03.0459 0444 ROOTMODEM - ok
14:09:03.0475 0444 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
14:09:03.0475 0444 RpcLocator - ok
14:09:03.0506 0444 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
14:09:03.0521 0444 RpcSs - ok
14:09:03.0537 0444 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:09:03.0537 0444 rspndr - ok
14:09:03.0615 0444 [ 67C7695D3B18682ADDF8419EDA4BBFB8 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
14:09:03.0615 0444 RTHDMIAzAudService - ok
14:09:03.0631 0444 [ CDE8878421B2CDBDCBA4B267ABAFC8F8 ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys
14:09:03.0646 0444 RTL85n64 - ok
14:09:03.0662 0444 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
14:09:03.0662 0444 SamSs - ok
14:09:03.0693 0444 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:09:03.0693 0444 sbp2port - ok
14:09:03.0724 0444 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:09:03.0724 0444 SCardSvr - ok
14:09:03.0771 0444 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
14:09:03.0787 0444 Schedule - ok
14:09:03.0818 0444 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:09:03.0818 0444 SCPolicySvc - ok
14:09:03.0849 0444 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:09:03.0849 0444 SDRSVC - ok
14:09:03.0865 0444 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:09:03.0865 0444 secdrv - ok
14:09:03.0880 0444 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
14:09:03.0880 0444 seclogon - ok
14:09:03.0896 0444 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
14:09:03.0896 0444 SENS - ok
14:09:03.0911 0444 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:09:03.0911 0444 Serenum - ok
14:09:03.0927 0444 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
14:09:03.0927 0444 Serial - ok
14:09:03.0943 0444 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:09:03.0943 0444 sermouse - ok
14:09:03.0958 0444 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
14:09:03.0974 0444 SessionEnv - ok
14:09:03.0989 0444 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:09:03.0989 0444 sffdisk - ok
14:09:04.0005 0444 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:09:04.0005 0444 sffp_mmc - ok
14:09:04.0005 0444 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:09:04.0005 0444 sffp_sd - ok
14:09:04.0036 0444 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:09:08.0389 0444 ================ Scan global ===============================
14:09:08.0420 0444 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:09:08.0451 0444 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:09:08.0467 0444 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:09:08.0498 0444 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:09:08.0513 0444 [Global] - ok
14:09:08.0513 0444 ================ Scan MBR ==================================
14:09:08.0513 0444 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
14:09:11.0805 0444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:09:11.0805 0444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:09:11.0805 0444 ================ Scan VBR ==================================
14:09:11.0836 0444 [ ECE26814405869B69FD7FC065969203C ] \Device\Harddisk0\DR0\Partition1
14:09:11.0836 0444 \Device\Harddisk0\DR0\Partition1 - ok
14:09:11.0836 0444 ============================================================
14:09:11.0836 0444 Scan finished
14:09:11.0836 0444 ============================================================
14:09:11.0867 5592 Detected object count: 1
14:09:11.0867 5592 Actual detected object count: 1
14:09:23.0068 5592 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:09:23.0068 5592 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:09:23.0162 5592 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:09:23.0224 5592 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:09:23.0411 5592 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:09:23.0521 5592 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:09:23.0521 5592 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:09:23.0521 5592 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:09:23.0552 5592 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:09:23.0567 5592 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:09:23.0614 5592 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:09:23.0614 5592 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:09:23.0645 5592 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:09:23.0661 5592 \Device\Harddisk0\DR0\TDLFS - deleted
14:09:23.0661 5592 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


# AdwCleaner v2.003 - Logfile created 10/04/2012 at 14:13:08
# Updated 23/09/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Jerry - JERRY-PC
# Boot Mode : Normal
# Running from : C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH3U8FBJ\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\FreeCause
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\HyperCam Toolbar
Deleted on reboot : C:\Program Files (x86)\IncrediMail_MediaBar_2
Deleted on reboot : C:\Program Files (x86)\IncrediMail_MediaBar_2
Deleted on reboot : C:\Program Files\Babylon
Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\Users\Jerry\AppData\Local\Conduit
Deleted on reboot : C:\Users\Jerry\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Jerry\AppData\LocalLow\IncrediMail_MediaBar_2
Deleted on reboot : C:\Users\Jerry\AppData\LocalLow\IncrediMail_MediaBar_2
Deleted on reboot : C:\Users\Jerry\AppData\LocalLow\Toolbar4
Deleted on reboot : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\6fn8jui3.default\Conduit
Deleted on reboot : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\6fn8jui3.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Deleted on reboot : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\6fn8jui3.default\FCTB
File Deleted : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\6fn8jui3.default\searchplugins\MyStart Search.xml
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=JSxdm002YYus&ptb=02C1634A-4F84-4BD1-A610-44B5187A016E --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\6fn8jui3.default\prefs.js


-\\ Google Chrome v22.0.1229.79

File : C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17653 octets] - [04/10/2012 14:12:29]
AdwCleaner[S1].txt - [16937 octets] - [04/10/2012 14:13:08]

########## EOF - C:\AdwCleaner[S1].txt - [16998 octets] ##########


Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.3 (10.03.2012)
OS: Windows ™ Vista Home Premium x64
Ran by Jerry on Thu 10/04/2012 at 14:39:31.33
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\wow6432node\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{6536801b-f50c-449b-9476-093dfd3789e3}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{6536801b-f50c-449b-9476-093dfd3789e3}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\wow6432node\appid\{6536801b-f50c-449b-9476-093dfd3789e3}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\classes\appid\{6536801b-f50c-449b-9476-093dfd3789e3}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_classes_root\appid\babylonhelper.exe"
Successfully deleted: [KEY] "hkey_current_user\software\im"
Successfully deleted: [KEY] "hkey_current_user\software\iminstaller"
Successfully deleted: [KEY] "hkey_current_user\software\incredimail"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\classes\appid\babylonhelper.exe"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\classes\wow6432node\appid\babylonhelper.exe"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\wow6432node\classes\appid\babylonhelper.exe"



*** Files:

Failed to delete: [FILE-LOCKED!] C:\eula.1028.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1031.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1033.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1036.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1040.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1041.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1042.txt
Failed to delete: [FILE-LOCKED!] C:\eula.2052.txt
Failed to delete: [FILE-LOCKED!] C:\install.res.1028.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1031.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1033.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1036.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1040.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1041.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1042.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.2052.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.3082.dll



*** Folders: 0 Detections



*** FireFox detected and repaired

Trojan:Win32/Tracur.AV Detected!
Successfully deleted: arrtiqbidj@arrtiqbidj.org.xpi
Removed the following from [PREFS.JS] :

user_pref("extensions.DictionaryBoss.prevKwdURL", "http://mystart.incredimail.com/?loc=ff_address_bar&a=DgVgOw3imI&search=");


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Thu 10/04/2012 at 14:39:32.59
End of Report



Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/05/2012 12:45:33 AM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\CNYHKey.exe (PID: 2572) [WD-HEUR]
* C:\Windows\MHotkey.exe (PID: 2768) [WD-HEUR]
* C:\Windows\ModLedKey.exe (PID: 2776) [WD-HEUR]
* C:\Windows\ChiFuncExt.exe (PID: 1032) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Jerry\Desktop\rkill\rkill-10-05-2012-12-45-38.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/05/2012 12:45:48 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)


Really liked some of those :)

The autorun to display the log wants me to select the character set and no matter which one I try there are all kinds of symbols mixed in with the text making it unreadable. Downloaded it twice but can't get a readable log.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 October 2012 - 05:12 AM

Run Malwarebytes once again and post the clean log.

Right click on the JUNKWARE tool, run as administrator, and post the new log.

The autorun to display the log wants me to select the character set and no matter which one I try there are all kinds of symbols mixed in with the text making it unreadable. Downloaded it twice but can't get a readable log.



You have to save it as a text file.

Filename: Autoruns.txt
Save as: Text

#7 G Bennett

  • Topic Starter
  • Members
  • 5 posts

Posted 05 October 2012 - 12:28 PM

Here's malware

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jerry :: JERRY-PC [administrator]

Protection: Enabled

10/5/2012 1:14:11 PM
mbam-log-2012-10-05 (13-14-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212728
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The autorun was saved as a text file. For some reason OpenOffice didn't like it, but it is readable with Notepad, so here it is.

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "CanonSolutionMenu" "CNSLMAIN" "CANON INC." "c:\program files (x86)\canon\solutionmenu\cnslmain.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "CLMLServer" "CyberLink MediaLibray Service" "CyberLink" "c:\program files (x86)\cyberlink\power2go\clmlsvc.exe"
+ "Gateway Photo Frame" "ButtonMonitor" "IOI" "c:\program files (x86)\gateway photo frame\buttonmonitor.exe"
+ "IJNetworkScanUtility" "Canon IJ Network Scan Utility" "CANON INC." "c:\program files (x86)\canon\canon ij network scan utility\cnmnsut.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "LchDrvKey" "" "" "c:\windows\lchdrvkey.exe"
+ "LedKey" "Creative Multimedia Driver" "Creative" "c:\windows\cnyhkey.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
"C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "" "" "c:\users\jerry\appdata\roaming\microsoft\windows\start menu\programs\startup\dropbox.lnk"
+ "OpenOffice.org 3.2.lnk" "" "" "c:\program files (x86)\openoffice.org 3\program\quickstart.exe"
+ "YoWindow.lnk" "YoWindow!" "Repkasoft" "c:\program files (x86)\yowindow\yowindow.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\jerry\appdata\local\google\update\googleupdate.exe"
+ "ISUSPM" "Macrovision Software Manager" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\updateservice\isuspm.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "UltraCompare" "UC Shell Extension Module" "" "c:\program files (x86)\idm computer solutions\ultracompare\uc_shellext07x64.dll"
+ "UltraEdit" "Shell Extension DLL" "" "c:\program files (x86)\idm computer solutions\ultraedit\ue64ctmn.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "_MovaviSuite10" "Context Menu" "Movavi" "c:\program files (x86)\movavi video suite 10\vccontext.dll"
+ "_Movavivc11" "Context Menu" "Movavi" "c:\program files (x86)\movavi video converter 11\vccontext.dll"
+ "SmartFTP" "SmartFTP Shell Tools" "SmartSoft Ltd" "c:\program files\smartftp client\sfshelltools.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\19.9.0.9\navshext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SmartFTP" "SmartFTP Shell Tools" "SmartSoft Ltd" "c:\program files\smartftp client\sfshelltools.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "SmartFTP Drop Handler" "SmartFTP Shell Tools" "SmartSoft Ltd" "c:\program files\smartftp client\sfshelltools.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "_MovaviSuite10" "Context Menu" "Movavi" "c:\program files (x86)\movavi video suite 10\vccontext.dll"
+ "_Movavivc11" "Context Menu" "Movavi" "c:\program files (x86)\movavi video converter 11\vccontext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\19.9.0.9\navshext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "SmartFTP Drop Handler" "SmartFTP Shell Tools" "SmartSoft Ltd" "c:\program files\smartftp client\sfshelltools.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "SmartFTP Drop" "SmartFTP Shell Tools" "SmartSoft Ltd" "c:\program files\smartftp client\sfshelltools.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jerry\appdata\roaming\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Freecause Toolbar BHO" "FreeCause Toolbar" "" "c:\program files (x86)\pirates - fb\toolbar.dll"
+ "Google Dictionary Compression sdch" "Fast Search" "Google Inc." "c:\program files (x86)\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.3.4501.1418\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\coieplg.dll"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\ips\ipsbho.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\program files (x86)\real\realplayer\rpbrowserrecordplugin.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "{724d43a9-0d85-11d4-9908-00400523e39a}" "RoboForm Main Module" "Siber Systems Inc." "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "&RoboForm" "RoboForm Main Module" "Siber Systems Inc." "c:\program files (x86)\siber systems\ai roboform\roboform.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\coieplg.dll"
+ "Pirates - FB" "FreeCause Toolbar" "" "c:\program files (x86)\pirates - fb\toolbar.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Fill Forms" "" "" "c:\program files (x86)\siber systems\ai roboform\roboformcomfillforms.html"
+ "ieSpell" "" "" "File not found: C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM"
+ "ieSpell Options" "" "" "File not found: C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM"
+ "RoboForm Toolbar" "" "" "c:\program files (x86)\siber systems\ai roboform\roboformcomshowtoolbar.html"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Save Forms" "" "" "c:\program files (x86)\siber systems\ai roboform\roboformcomsavepass.html"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Dr. CleanUp" "Dr. CleanUp" "Incredimail Ltd." "c:\program files (x86)\drcleanup\drcleanup.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2785330956-1619301387-3761831078-1000Core" "Google Installer" "Google Inc." "c:\users\jerry\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2785330956-1619301387-3761831078-1000UA" "Google Installer" "Google Inc." "c:\users\jerry\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\Norton Internet Security\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\symerr.exe"
+ "\ParetoLogic Registration3" "ParetoLogic Update Component" "" "c:\program files (x86)\common files\paretologic\uus3\uus3.dll"
+ "\ParetoLogic Update Version3" "ParetoLogic Update Application" "ParetoLogic Inc." "c:\program files (x86)\common files\paretologic\uus3\pareto_update3.exe"
+ "\PC Health Advisor" "ParetoLogic PC Health Advisor" "ParetoLogic, Inc." "c:\program files (x86)\paretologic\pcha\pcha.exe"
+ "\PC Health Advisor Defrag" "ParetoLogic PC Health Advisor" "ParetoLogic, Inc." "c:\program files (x86)\paretologic\pcha\pcha.exe"
+ "\Run RoboForm TaskBar Icon" "RoboForm TaskBar Icon" "Siber Systems" "c:\program files (x86)\siber systems\ai roboform\robotaskbaricon.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeActiveFileMonitor5.0" "Tracks files that are managed by Adobe Photoshop Elements" "" "c:\program files (x86)\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe"
+ "AdobeActiveFileMonitor7.0" "Tracks files that are managed by Adobe Photoshop Elements" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agr64svc.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\gateway games\gateway game console\gameconsoleservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\2.0.181\mcchsvc.exe"
+ "MotoHelper" "MotoHelper Service" "" "c:\program files (x86)\motorola\motohelper\motohelperservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "NIS" "Norton Internet Security" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine\19.9.0.9\ccsvchst.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "TomTomHOMEService" "TomTom Home Service for ejecting devices" "TomTom" "c:\program files (x86)\tomtom home 2\tomtomhomeservice.exe"
+ "WebOptimizer" "" "" "c:\windows\system32\dmwu.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "yksvc" "Service for Marvell® Yukon® Network Adapters" "Marvell" "c:\windows\system32\ykx64mpcoinst.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm64.sys"
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AtiPcie" "ATI PCIE Driver for ATI PCIE chipset" "ATI Technologies Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\bashdefs\20120928.001\bhdrvx64.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "ccSet_NIS" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\ccsetx64.sys"
+ "cxpl_mhd" "Conexant CX23888 AVStream Video Capture Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\y_cx88x.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g6032e.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\ipsdefs\20121003.001\idsvia64.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\virusdefs\20121003.032\eng64.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\virusdefs\20121003.032\ex64.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PCTINDIS5X64" "" "" "File not found: C:\Windows\system32\PCTINDIS5X64.SYS"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "RimVSerPort" "RIM Virtual Serial Driver" "Research in Motion Ltd" "c:\windows\system32\drivers\rimserial_amd64.sys"
+ "RTHDMIAzAudService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rthdmivx.sys"
+ "RTL85n64" "Realtek 8180/8185 Wireless Device" "Realtek" "c:\windows\system32\drivers\rtl85n64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\srtsp64.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\srtspx64.sys"
+ "swmsflt" "" "" "File not found: system32\DRIVERS\swmsflt.sys"
+ "SWNC8UA3" "Sierra Wireless NDIS Driver" "Sierra Wireless Inc." "c:\windows\system32\drivers\swnc8ua3.sys"
+ "SWUMXA3" "Sierra Wireless USB MUX Driver" "Sierra Wireless Inc." "c:\windows\system32\drivers\swumxa3.sys"
+ "SYMDNS" "" "" "File not found: C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\symds64.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\symefa64.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys"
+ "SYMFW" "" "" "File not found: C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMFW.SYS"
+ "SymIM" "Symantec Network Security Intermediate Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symimv.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\ironx64.sys"
+ "SYMNDISV" "" "" "File not found: C:\Windows\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS"
+ "SYMREDRV" "" "" "File not found: C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS"
+ "SYMTDIv" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\nisx64\1309000.009\symtdiv.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "yukonx64" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk60x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "VIDC.XVID" "" "" "File not found: xvidvfw.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.dvsd" "DV Video for Windows Driver" "Matsushita Electric Industrial Co., Ltd." "c:\windows\syswow64\pdvcodec.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\windows\system32\clvidencmce.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "Imagic 4.0 Image Source Filter" "" "" "c:\program files (x86)\movavi\movavi photo suite\fitlibs40.dll"
+ "IMAGIC Fast Video Resizer" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Movie Source Filter" "Quick Time Source Filter" "STOIK Imaging" "c:\program files (x86)\common files\st system shared\moviesource.ax"
+ "MPC - Matroska Source" "Matroska Splitter" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\matroskasplitter.ax"
+ "MPC - Matroska Splitter" "Matroska Splitter" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\matroskasplitter.ax"
+ "MPC - MP4 Source" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\mp4splitter.ax"
+ "MPC - MP4 Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\mp4splitter.ax"
+ "MPC - MPA Decoder Filter" "Mpeg Audio Decoder for DirectShow, based on libmad" "Gabest" "c:\program files (x86)\common files\st system shared\mpadecfilter.ax"
+ "MPC - Mpa Splitter" "Mpa Splitter" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\mpasplitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files (x86)\common files\st system shared\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files (x86)\common files\st system shared\mpegsplitter.ax"
+ "MPC - MPEG-2 Video Decoder (Gabest)" "MPEG-2 Decoder Filter for DirectShow" "Gabest" "c:\program files (x86)\common files\st system shared\mpeg2decfilter.ax"
+ "MPC - MPEG4 Video Source" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\mp4splitter.ax"
+ "MPC - Video decoder" "H.264/VC-1 DXVA video decoder" "MPC-HC Team" "c:\program files (x86)\common files\st system shared\mpcvideodec.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecx.ax"
+ "Multi visual effects" "" "" "c:\program files (x86)\movavi\movavi photo suite\fitlibs40.dll"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files (x86)\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "ST MPEG Writer Filter (NTSC)" "" "" "c:\program files (x86)\common files\st system shared\stmpegwriter.dll"
+ "ST MPEG Writer Filter (PAL)" "" "" "c:\program files (x86)\common files\st system shared\stmpegwriter.dll"
+ "STCMN Audio channel mixer" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "STCMN Audio Compressor Filter" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "STCMN Frame Rate Converter" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "STCMN Interlace Mode Checker" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "STCMN Smart Source" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "STCMN Video Analizer Filter" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "STCMN Video Header Adapter" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "STCMN Video Resizer" "" "" "c:\program files (x86)\common files\st system shared\stcmnvidlib.dll"
+ "Stoik Imagic 5.0 Device Video" "" "" "c:\program files (x86)\movavi\movavi photo suite\stcmncamexp.dll"
+ "Track1Filter" "" "" "c:\program files (x86)\adobe\photoshop elements 5.0\track1filter.dll"
+ "Track1Filter" "" "" "c:\program files (x86)\adobe\photoshop elements 7.0\track1filter.dll"
+ "Track2Filter" "" "" "c:\program files (x86)\adobe\photoshop elements 7.0\track2filter.dll"
+ "Track2Filter" "" "" "c:\program files (x86)\adobe\photoshop elements 5.0\track2filter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\Windows\yowindow.scr" "YoWindow screensaver" "repkasoft" "c:\windows\yowindow.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MP620 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm9d.dll"
+ "Canon BJNP Port" "Canon IJ Network 64bit comm Module" "CANON INC." "c:\windows\system32\cnmn6ppm.dll"
"C:\Users\Jerry\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Norton Internet Security" "Protect your computer against viruses, spyware, and Internet threats." "Symantec Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\en-US\Gadget.xml"


Running junkware now, if it finishes before I have to leave for work I'll add it, or after I get home.

#8 narenxp


Posted 05 October 2012 - 12:37 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 G Bennett


Posted 05 October 2012 - 01:06 PM

Here is the junkware log

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.5 (10.05.2012)
OS: Windows ™ Vista Home Premium x64
Ran by Jerry on Fri 10/05/2012 at 13:56:17.55
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [KEY] hkey_classes_root\appid\{6536801b-f50c-449b-9476-093dfd3789e3}
Successfully deleted: [KEY] "hkey_classes_root\appid\babylonhelper.exe"



*** Files:

Successfully deleted: [FILE] C:\eula.1028.txt
Successfully deleted: [FILE] C:\eula.1031.txt
Successfully deleted: [FILE] C:\eula.1033.txt
Successfully deleted: [FILE] C:\eula.1036.txt
Successfully deleted: [FILE] C:\eula.1040.txt
Successfully deleted: [FILE] C:\eula.1041.txt
Successfully deleted: [FILE] C:\eula.1042.txt
Successfully deleted: [FILE] C:\eula.2052.txt
Successfully deleted: [FILE] C:\install.res.1028.dll
Successfully deleted: [FILE] C:\install.res.1031.dll
Successfully deleted: [FILE] C:\install.res.1033.dll
Successfully deleted: [FILE] C:\install.res.1036.dll
Successfully deleted: [FILE] C:\install.res.1040.dll
Successfully deleted: [FILE] C:\install.res.1041.dll
Successfully deleted: [FILE] C:\install.res.1042.dll
Successfully deleted: [FILE] C:\install.res.2052.dll
Successfully deleted: [FILE] C:\install.res.3082.dll



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 10/05/2012 at 13:56:25.07
End of Report


I have to leave for work in 15 minutes so will run and read these others when I get home. I appreciate all the help you have provided!! I use Norton but am not all that impressed with it as I see it in a lot of logs that people still get infected and Norton doesn't catch it, the updates are automatic so it stays current.



