Seem to have browser redirect malware/virus


  • This topic is locked
14 replies to this topic

#1 TaylorMonkey

Posted 13 October 2012 - 03:52 AM

Hello. I seem to have some sort of browser redirect virus or malware. It only happens occasionally but going to familiar sites takes me to strange ones, but the original site loads if I try again. Here are my logs.

DDS
------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16443 BrowserJavaVersion: 10.7.2
Run by Albert at 1:30:11 on 2012-10-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.2420 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
D:\Program Files (x86)\EVEMon\EVEMon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Albert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Albert\AppData\Local\Audiogalaxy\Audiogalaxy.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [EVEMon] "D:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Spotify Web Helper] "C:\Users\Albert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AdobeBridge]
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Albert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Albert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPHON~1.LNK - C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
StartupFolder: C:\Users\Albert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: Interfaces\{219A23FE-376B-483E-9903-38E3F4EA38C9} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{FBB473DD-4346-476E-A800-AB6CF6AD9E0D} : NameServer = 172.26.38.1,172.26.38.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\system32\drivers\SMR311.SYS --> C:\Windows\system32\drivers\SMR311.SYS [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-2 1385120]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121012.001\IDSviA64.sys [2012-10-12 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-2-20 3450832]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-14 1258856]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-8-28 598032]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-5-12 8518008]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-5-12 567672]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2012-4-10 2169056]
R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2010-11-20 96896]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-18 138912]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TmBusEn;Thrustmaster Bus Enumerator;C:\Windows\System32\drivers\TmBusEn.sys [2011-6-24 30208]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-12 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-31 250808]
S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-3 135584]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-12 136176]
S3 hidkmdf;KMDF Driver;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\system32\DRIVERS\rcblan.sys --> C:\Windows\system32\DRIVERS\rcblan.sys [?]
S3 tmbulk;Thrustmaster HOTAS WARTHOG Bulk (tmbulk);C:\Windows\system32\Drivers\tmbulk.sys --> C:\Windows\system32\Drivers\tmbulk.sys [?]
S3 TmFilter;Thrustmaster HID Filter Driver;C:\Windows\System32\drivers\TmFilter.sys [2011-6-24 24576]
S3 TmHid;Thrustmaster Virtual Keyboard (root);C:\Windows\System32\drivers\TmHid.sys [2011-6-24 24704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\system32\DRIVERS\wachidrouter.sys --> C:\Windows\system32\DRIVERS\wachidrouter.sys [?]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\system32\DRIVERS\wacomrouterfilter.sys --> C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\RealTemp\WinRing0x64.sys [2010-7-16 14544]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
.scr=SageThumbsImage.scr
.
=============== Created Last 30 ================
.
2012-10-13 08:18:35 -------- d-s---w- C:\ComboFix
2012-10-13 07:56:35 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS
2012-10-12 18:28:08 -------- d-----w- C:\Windows\rescache
2012-10-06 04:46:43 -------- d-----w- C:\temp
2012-10-04 05:18:03 -------- d-----w- C:\Program Files (x86)\Audacity
2012-09-29 09:11:45 -------- d-----w- C:\ProgramData\MediaBrowser - Copy
2012-09-28 10:07:56 381440 ----a-w- C:\Windows\System32\mfds.dll.bak
2012-09-28 10:07:31 580096 ----a-w- C:\Windows\System32\ac3filter.acm
2012-09-28 10:07:31 4408832 ----a-w- C:\Windows\System32\x264vfw.dll
2012-09-28 10:07:31 361472 ----a-w- C:\Windows\System32\aacacm.acm
2012-09-28 10:07:31 206336 ----a-w- C:\Windows\System32\unrar.dll
2012-09-28 10:07:31 180736 ----a-w- C:\Windows\System32\ac3acm.acm
2012-09-28 10:07:31 148992 ----a-w- C:\Windows\System32\lagarith.dll
2012-09-28 10:07:31 1416704 ----a-w- C:\Windows\System32\VSFilter.dll
2012-09-28 10:07:31 137216 ----a-w- C:\Windows\System32\mlc.dll
2012-09-28 10:07:31 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-09-28 10:07:31 124909 ----a-w- C:\Windows\System32\pthreadGC2.dll
2012-09-28 10:02:48 296448 ----a-w- C:\Windows\SysWow64\mfds.dll.bak
2012-09-28 10:01:46 -------- d-----w- C:\Users\Albert\AppData\Roaming\Win7codecs
2012-09-28 09:59:30 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-28 09:51:05 415744 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
2012-09-28 09:51:05 241152 ----a-w- C:\Windows\SysWow64\MPG4DECD.DLL
2012-09-28 09:51:05 241152 ----a-w- C:\Windows\SysWow64\MP43DECD.DLL
2012-09-28 09:50:30 653824 ----a-w- C:\Windows\System32\MP4SDECD.DLL
2012-09-28 09:50:30 224256 ----a-w- C:\Windows\System32\MPG4DECD.DLL
2012-09-28 09:50:30 223744 ----a-w- C:\Windows\System32\MP43DECD.DLL
2012-09-25 18:33:02 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-16 10:12:47 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-16 10:12:32 -------- d-----w- C:\Program Files\iPod
2012-09-16 10:12:31 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-16 10:12:31 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2012-10-09 12:05:08 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 12:05:08 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-28 09:59:26 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-28 09:59:26 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-26 11:21:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-09-26 11:21:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-06 16:57:26 4399616 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-28 22:32:58 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-12 12:59:30 1370624 ----a-w- C:\Windows\SysWow64\VSFilter.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-21 22:54:12 122880 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2012-07-21 22:53:32 294912 ----a-w- C:\Windows\SysWow64\AACACM.acm
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:30:33.20 ===============



GMER
-----

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-13 01:43:06
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272d4219f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0x18 0x7C 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0x8C 0xF8 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xC5 0xF7 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272d4219f
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xA4 0xC0 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0x8C 0xF8 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xC5 0xF7 0x82 ...
Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\000272d4219f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0xA4 0xC0 0x19 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0x8C 0xF8 0x5C ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0xC5 0xF7 0x82 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRAF5JV\ros[1].htm 0 bytes
File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WYRAF5JV\redirect[1].gif 42 bytes
File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2XLQ8Z88\ros[2].htm 0 bytes
File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\716EFWZC\data_sync[1].htm 0 bytes
File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\716EFWZC\ros[3].htm 0 bytes
File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7J91YLBE\data_sync[1].htm 0 bytes
File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7J91YLBE\data_sync[2].htm 0 bytes
File C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7J91YLBE\nba-2k[1].htm 198898 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\X7H3N7O5.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\80WNDAU8.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\7H8I5PMU.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\RH2JR668.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQ708ZOI.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\WZJSG13Y.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\BOLA4P1Z.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\UBI031QO.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\MBVZ2ITB.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\R7IVKEJL.txt 0 bytes
File C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Cookies\Low\82NUQM2J.txt 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks for any help you can provide!



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 13 October 2012 - 06:50 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 TaylorMonkey

TaylorMonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:51 PM

Posted 14 October 2012 - 12:46 AM

Security Check
------------------

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 41% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


AdwCleaner
--------------------

# AdwCleaner v2.004 - Logfile created 10/13/2012 at 22:39:20
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Albert - SHARON
# Boot Mode : Normal
# Running from : C:\Users\Albert\AppData\Local\Temp\amlqy6l4.tmp\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Albert\AppData\Local\APN

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16443

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1255 octets] - [13/10/2012 22:39:20]

########## EOF - C:\AdwCleaner[S1].txt - [1315 octets] ##########



RogueKiller
------------------

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Albert [Admin rights]
Mode : Remove -- Date : 10/13/2012 22:43:50

Bad processes : 0

Registry Entries : 10
[TASK][SUSP PATH] {9778C01A-BCE0-4B42-8CF7-70063E861B83} : C:\Windows\system32\pcalua.exe -a "C:\Users\Albert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VZGWDZR\AdobeAIRInstaller[1].exe" -d C:\Users\Albert\Desktop -> DELETED
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{219A23FE-376B-483E-9903-38E3F4EA38C9} : NameServer (75.75.75.75,75.75.76.76) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{219A23FE-376B-483E-9903-38E3F4EA38C9} : NameServer (75.75.75.75,75.75.76.76) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{FBB473DD-4346-476E-A800-AB6CF6AD9E0D} : NameServer (172.26.38.1,172.26.38.2) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: INTEL SSDSA2M080G2GC +++++
--- User ---
[MBR] 8e0aae358f6c122bdfbf1757079c1504
[BSP] 3cb5e0bca2c4a62777d2540e76bf94da : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: RAID0 Volume +++++
--- User ---
[MBR] 1c2633a9a71ce4bd614fe0644a80ce83
[BSP] abcf1aef61ca08c7edfede7ae68b5a53 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953872 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 14 October 2012 - 12:48 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 TaylorMonkey

TaylorMonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:51 PM

Posted 14 October 2012 - 01:28 AM

Computer seems to be doing better but too early to tell as redirects are intermittent.


ComboFix 12-10-13.04 - Albert 10/13/2012 23:00:21.11.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3608 [GMT -7:00]
Running from: c:\users\Albert\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Albert\AppData\Local\Temp\sfamcc00001.dll
c:\users\Albert\AppData\Local\Temp\sfamcc00002.dll
c:\users\Albert\AppData\Local\Temp\sfareca00001.dll
c:\users\Albert\AppData\Local\Temp\sfareca00002.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 06:04 . 2012-10-14 06:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-14 06:04 . 2012-10-14 06:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-14 06:04 . 2012-10-14 06:04 -------- d-----w- c:\users\Mcx1-SHARON\AppData\Local\temp
2012-10-14 06:04 . 2012-10-14 06:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 07:56 . 2012-10-13 07:56 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2012-10-12 18:28 . 2012-10-12 18:28 -------- d-----w- c:\windows\rescache
2012-10-06 04:46 . 2012-10-06 04:46 -------- d-----w- C:\temp
2012-10-04 05:18 . 2012-10-04 05:18 -------- d-----w- c:\program files (x86)\Audacity
2012-09-29 09:11 . 2012-09-29 09:12 -------- d-----w- c:\programdata\MediaBrowser - Copy
2012-09-28 10:07 . 2010-11-20 13:26 381440 ----a-w- c:\windows\system32\mfds.dll.bak
2012-09-28 10:07 . 2012-09-06 16:53 4408832 ----a-w- c:\windows\system32\x264vfw.dll
2012-09-28 10:07 . 2012-08-17 18:00 1416704 ----a-w- c:\windows\system32\VSFilter.dll
2012-09-28 10:07 . 2012-07-21 19:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2012-09-28 10:07 . 2012-07-21 19:54 361472 ----a-w- c:\windows\system32\aacacm.acm
2012-09-28 10:07 . 2012-07-03 03:31 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2012-09-28 10:07 . 2012-06-10 02:21 206336 ----a-w- c:\windows\system32\unrar.dll
2012-09-28 10:07 . 2012-05-26 20:45 137216 ----a-w- c:\windows\system32\mlc.dll
2012-09-28 10:07 . 2011-12-08 03:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2012-09-28 10:07 . 2009-08-12 01:22 580096 ----a-w- c:\windows\system32\ac3filter.acm
2012-09-28 10:07 . 2009-01-23 05:51 124909 ----a-w- c:\windows\system32\pthreadGC2.dll
2012-09-28 10:02 . 2010-11-20 12:19 296448 ----a-w- c:\windows\SysWow64\mfds.dll.bak
2012-09-28 10:01 . 2012-09-28 10:02 -------- d-----w- c:\users\Albert\AppData\Roaming\Win7codecs
2012-09-28 10:00 . 2012-09-28 10:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-28 09:59 . 2012-09-28 09:59 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-28 09:51 . 2009-07-14 01:15 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2012-09-28 09:51 . 2009-07-14 01:15 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2012-09-28 09:51 . 2009-07-14 01:15 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2012-09-28 09:50 . 2009-07-14 01:41 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-09-28 09:50 . 2009-07-14 01:41 224256 ----a-w- c:\windows\system32\MPG4DECD.DLL
2012-09-28 09:50 . 2009-07-14 01:41 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2012-09-25 18:33 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-16 10:12 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 10:12 . 2012-09-16 10:12 -------- d-----w- c:\program files\iPod
2012-09-16 10:12 . 2012-09-16 10:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-16 10:12 . 2012-09-16 10:12 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 10:01 . 2010-07-09 21:09 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 12:05 . 2011-12-31 13:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 12:05 . 2011-03-12 04:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 03:13 . 2010-09-29 10:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-10-03 03:12 . 2010-07-11 08:30 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-03 03:11 . 2010-07-11 08:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-03 03:10 . 2010-07-11 08:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-28 10:28 . 2010-07-11 08:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-09-28 10:27 . 2010-09-29 10:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-28 10:26 . 2010-09-29 10:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-28 10:26 . 2010-12-09 15:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-28 09:59 . 2012-06-18 10:12 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 09:59 . 2010-09-13 09:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-26 11:21 . 2011-10-27 07:54 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-26 11:21 . 2010-07-12 08:00 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-26 10:02 . 2011-01-03 07:18 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-06 16:57 . 2012-09-06 16:57 4399616 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-08-30 19:14 . 2012-06-19 08:56 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-06-19 02:55 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-06-19 02:55 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-06-19 02:55 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-30 19:14 . 2012-06-19 02:55 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2012-06-19 02:55 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-08-30 19:14 . 2012-06-19 02:55 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2011-10-26 02:28 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 17:40 . 2012-08-30 17:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-30 16:18 . 2011-01-08 04:48 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2011-01-08 04:48 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2010-06-08 00:20 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-06-19 02:56 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2011-01-08 04:49 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2011-01-08 04:49 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-28 22:32 . 2011-12-31 13:25 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-22 18:12 . 2012-09-12 07:55 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 07:55 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 07:55 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 07:55 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:01 . 2010-07-17 05:15 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 20:01 . 2010-07-17 05:15 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 01:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-12 12:59 . 2012-08-12 12:59 1370624 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-08-02 17:58 . 2012-09-12 07:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 07:55 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-21 22:54 . 2012-07-21 22:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2012-07-21 22:53 . 2012-07-21 22:53 294912 ----a-w- c:\windows\SysWow64\AACACM.acm
2012-07-18 18:15 . 2012-08-14 18:50 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-09-21 10855544]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"EVEMon"="d:\program files (x86)\EVEMon\EVEMon.exe" [2012-08-09 2065920]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"Spotify Web Helper"="c:\users\Albert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-29 1193176]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"DVD or CD Sharing"="c:\program files (x86)\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-12-16 5953992]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
myPhoneDesktop.lnk - c:\program files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe [2010-10-13 186368]
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-3-26 4656632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-11-5 2717024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ALSysIO;ALSysIO;c:\users\Albert\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2010-11-21 96896]
R3 cpuz130;cpuz130;c:\users\Albert\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-03-29 13688]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tmbulk;Thrustmaster HOTAS WARTHOG Bulk (tmbulk);c:\windows\system32\Drivers\tmbulk.sys [2011-01-12 77312]
R3 TmFilter;Thrustmaster HID Filter Driver;c:\windows\system32\DRIVERS\TmFilter.sys [2011-01-26 24576]
R3 TmHid;Thrustmaster Virtual Keyboard (root);c:\windows\system32\DRIVERS\TmHid.sys [2011-01-26 24704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-03-29 65912]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-03-29 15736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\RealTemp\WinRing0x64.sys [2010-07-15 14544]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-02-20 133728]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-03-17 302632]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2012-10-13 95392]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-08-28 54728]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-09-30 1263200]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-02-20 211040]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-02-20 142944]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121012.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-02-20 3450832]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-06 106888]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-08-28 598032]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 8518008]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 567672]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2012-02-15 2169056]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-02-20 367200]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-04-18 12904]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TmBusEn;Thrustmaster Bus Enumerator;c:\windows\system32\DRIVERS\TmBusEn.sys [2011-01-26 30208]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-31 12:05]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 04:13]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 04:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2010-10-03 17:49 309448 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2010-10-03 17:49 309448 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2010-10-03 17:49 309448 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-02 446392]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-12-16 403096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{219A23FE-376B-483E-9903-38E3F4EA38C9}: NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{FBB473DD-4346-476E-A800-AB6CF6AD9E0D}: NameServer = 172.26.38.1,172.26.38.2
.
.
------- File Associations -------
.
.scr=SageThumbsImage.scr
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2965207904-3687551737-26708310-1001\Software\SecuROM\License information*]
"datasecu"=hex:51,2e,be,04,78,96,dc,12,92,62,66,87,86,64,03,82,a0,ca,a5,58,af,
4d,7f,e4,aa,09,7a,24,a2,44,e9,6a,72,bc,6f,cb,d7,49,8d,cc,05,e5,85,32,09,f6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-10-13 23:24:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-14 06:24
ComboFix2.txt 2012-06-18 09:56
ComboFix3.txt 2012-06-18 09:11
ComboFix4.txt 2012-05-17 04:39
ComboFix5.txt 2012-10-14 05:59
.
Pre-Run: 4,180,033,536 bytes free
Post-Run: 4,958,146,560 bytes free
.
- - End Of File - - FA4AB0A5797FC06414FC2ED9F8695CC0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 14 October 2012 - 02:35 AM

Greetings TaylorMonkey

I would like to run these next just to make sure nothing is running in the background.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 TaylorMonkey

TaylorMonkey
  • Topic Starter

  • Members
  • 20 posts

Posted 16 October 2012 - 12:44 AM

TDSSKiller
--------------
21:47:02.0370 16148 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:47:02.0798 16148 ============================================================
21:47:02.0798 16148 Current date / time: 2012/10/15 21:47:02.0798
21:47:02.0798 16148 SystemInfo:
21:47:02.0798 16148
21:47:02.0798 16148 OS Version: 6.1.7601 ServicePack: 1.0
21:47:02.0798 16148 Product type: Workstation
21:47:02.0798 16148 ComputerName: SHARON
21:47:02.0798 16148 UserName: Albert
21:47:02.0798 16148 Windows directory: C:\Windows
21:47:02.0798 16148 System windows directory: C:\Windows
21:47:02.0798 16148 Running under WOW64
21:47:02.0798 16148 Processor architecture: Intel x64
21:47:02.0798 16148 Number of processors: 8
21:47:02.0798 16148 Page size: 0x1000
21:47:02.0798 16148 Boot type: Normal boot
21:47:02.0798 16148 ============================================================
21:47:03.0033 16148 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:47:03.0262 16148 Drive \Device\Harddisk1\DR1 - Size: 0xE8E1300000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:47:03.0285 16148 ============================================================
21:47:03.0285 16148 \Device\Harddisk0\DR0:
21:47:03.0286 16148 MBR partitions:
21:47:03.0286 16148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:47:03.0286 16148 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
21:47:03.0286 16148 \Device\Harddisk1\DR1:
21:47:03.0286 16148 MBR partitions:
21:47:03.0286 16148 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74708000
21:47:03.0286 16148 ============================================================
21:47:03.0287 16148 C: <-> \Device\Harddisk0\DR0\Partition2
21:47:03.0312 16148 D: <-> \Device\Harddisk1\DR1\Partition1
21:47:03.0313 16148 ============================================================
21:47:03.0313 16148 Initialize success
21:47:03.0313 16148 ============================================================
21:47:12.0724 13732 ============================================================
21:47:12.0724 13732 Scan started
21:47:12.0724 13732 Mode: Manual;
21:47:12.0724 13732 ============================================================
21:47:13.0261 13732 ================ Scan system memory ========================
21:47:13.0261 13732 System memory - ok
21:47:13.0262 13732 ================ Scan services =============================
21:47:13.0287 13732 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:47:13.0289 13732 1394ohci - ok
21:47:13.0294 13732 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:47:13.0296 13732 ACPI - ok
21:47:13.0298 13732 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:47:13.0299 13732 AcpiPmi - ok
21:47:13.0314 13732 [ DB60662DF272B991449C72CA9B54B5A6 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
21:47:13.0323 13732 AcrSch2Svc - ok
21:47:13.0327 13732 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:47:13.0328 13732 AdobeARMservice - ok
21:47:13.0345 13732 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:47:13.0346 13732 AdobeFlashPlayerUpdateSvc - ok
21:47:13.0352 13732 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:47:13.0357 13732 adp94xx - ok
21:47:13.0362 13732 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:47:13.0365 13732 adpahci - ok
21:47:13.0368 13732 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:47:13.0370 13732 adpu320 - ok
21:47:13.0373 13732 [ 7233688FC422EF657E082309E6180142 ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
21:47:13.0373 13732 ADVService - ok
21:47:13.0376 13732 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:47:13.0376 13732 AeLookupSvc - ok
21:47:13.0381 13732 [ B794DD8ACC5CC76177156463DAB4BEBB ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
21:47:13.0384 13732 afcdp - ok
21:47:13.0417 13732 [ ED8B4CF3357DE01F8060D206254648C9 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
21:47:13.0444 13732 afcdpsrv - ok
21:47:13.0450 13732 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:47:13.0455 13732 AFD - ok
21:47:13.0457 13732 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:47:13.0459 13732 agp440 - ok
21:47:13.0481 13732 [ 5632D6944A69B351D6CB2F1C70A65E21 ] Akamai c:\program files (x86)\common files\akamai\netsession_win_5632d69.dll
21:47:13.0503 13732 Akamai - ok
21:47:13.0506 13732 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:47:13.0506 13732 ALG - ok
21:47:13.0508 13732 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:47:13.0509 13732 aliide - ok
21:47:13.0530 13732 ALSysIO - ok
21:47:13.0532 13732 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:47:13.0533 13732 amdide - ok
21:47:13.0536 13732 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:47:13.0537 13732 AmdK8 - ok
21:47:13.0539 13732 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:47:13.0540 13732 AmdPPM - ok
21:47:13.0542 13732 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:47:13.0544 13732 amdsata - ok
21:47:13.0547 13732 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:47:13.0549 13732 amdsbs - ok
21:47:13.0551 13732 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:47:13.0552 13732 amdxata - ok
21:47:13.0554 13732 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:47:13.0556 13732 AppID - ok
21:47:13.0558 13732 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:47:13.0559 13732 AppIDSvc - ok
21:47:13.0561 13732 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:47:13.0562 13732 Appinfo - ok
21:47:13.0566 13732 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:47:13.0567 13732 Apple Mobile Device - ok
21:47:13.0570 13732 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:47:13.0572 13732 AppMgmt - ok
21:47:13.0574 13732 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:47:13.0576 13732 arc - ok
21:47:13.0578 13732 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:47:13.0580 13732 arcsas - ok
21:47:13.0594 13732 [ EDAA17CE771C696655B6585F7CAD2100 ] ASInsHelp C:\Windows\SysWow64\drivers\AsInsHelp64.sys
21:47:13.0595 13732 ASInsHelp - ok
21:47:13.0597 13732 [ F6BDA026E4157DC4E321CA391E9D9BC6 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
21:47:13.0598 13732 AsIO - ok
21:47:13.0608 13732 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:47:13.0609 13732 aspnet_state - ok
21:47:13.0613 13732 [ 954FFBFF05B0B60EB63B52AF561436C4 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
21:47:13.0614 13732 AsSysCtrlService - ok
21:47:13.0616 13732 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
21:47:13.0617 13732 AsUpIO - ok
21:47:13.0619 13732 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:47:13.0620 13732 AsyncMac - ok
21:47:13.0622 13732 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:47:13.0623 13732 atapi - ok
21:47:13.0629 13732 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:47:13.0635 13732 AudioEndpointBuilder - ok
21:47:13.0641 13732 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:47:13.0644 13732 AudioSrv - ok
21:47:13.0647 13732 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:47:13.0648 13732 AxInstSV - ok
21:47:13.0654 13732 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:47:13.0658 13732 b06bdrv - ok
21:47:13.0663 13732 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:47:13.0666 13732 b57nd60a - ok
21:47:13.0669 13732 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:47:13.0671 13732 BDESVC - ok
21:47:13.0673 13732 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:47:13.0673 13732 Beep - ok
21:47:13.0680 13732 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:47:13.0686 13732 BFE - ok
21:47:13.0702 13732 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
21:47:13.0713 13732 BHDrvx64 - ok
21:47:13.0722 13732 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:47:13.0729 13732 BITS - ok
21:47:13.0731 13732 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:47:13.0732 13732 blbdrive - ok
21:47:13.0739 13732 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:47:13.0743 13732 Bonjour Service - ok
21:47:13.0746 13732 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:47:13.0747 13732 bowser - ok
21:47:13.0749 13732 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:47:13.0750 13732 BrFiltLo - ok
21:47:13.0752 13732 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:47:13.0752 13732 BrFiltUp - ok
21:47:13.0755 13732 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
21:47:13.0756 13732 Bridge - ok
21:47:13.0759 13732 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:47:13.0759 13732 BridgeMP - ok
21:47:13.0762 13732 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:47:13.0763 13732 Browser - ok
21:47:13.0767 13732 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:47:13.0770 13732 Brserid - ok
21:47:13.0772 13732 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:47:13.0773 13732 BrSerWdm - ok
21:47:13.0775 13732 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:47:13.0776 13732 BrUsbMdm - ok
21:47:13.0778 13732 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:47:13.0779 13732 BrUsbSer - ok
21:47:13.0781 13732 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:47:13.0781 13732 BthEnum - ok
21:47:13.0784 13732 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:47:13.0785 13732 BTHMODEM - ok
21:47:13.0787 13732 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:47:13.0789 13732 BthPan - ok
21:47:13.0795 13732 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:47:13.0800 13732 BTHPORT - ok
21:47:13.0802 13732 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:47:13.0804 13732 bthserv - ok
21:47:13.0806 13732 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:47:13.0807 13732 BTHUSB - ok
21:47:13.0808 13732 catchme - ok
21:47:13.0812 13732 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:47:13.0813 13732 cdfs - ok
21:47:13.0816 13732 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:47:13.0817 13732 cdrom - ok
21:47:13.0820 13732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:47:13.0821 13732 CertPropSvc - ok
21:47:13.0823 13732 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:47:13.0824 13732 circlass - ok
21:47:13.0829 13732 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:47:13.0832 13732 CLFS - ok
21:47:13.0836 13732 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:47:13.0837 13732 clr_optimization_v2.0.50727_32 - ok
21:47:13.0841 13732 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:47:13.0843 13732 clr_optimization_v2.0.50727_64 - ok
21:47:13.0851 13732 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:47:13.0856 13732 clr_optimization_v4.0.30319_32 - ok
21:47:13.0864 13732 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:47:13.0868 13732 clr_optimization_v4.0.30319_64 - ok
21:47:13.0871 13732 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:47:13.0871 13732 CmBatt - ok
21:47:13.0873 13732 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:47:13.0874 13732 cmdide - ok
21:47:13.0880 13732 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:47:13.0884 13732 CNG - ok
21:47:13.0886 13732 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:47:13.0888 13732 Compbatt - ok
21:47:13.0890 13732 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:47:13.0891 13732 CompositeBus - ok
21:47:13.0892 13732 COMSysApp - ok
21:47:13.0914 13732 cpuz130 - ok
21:47:13.0916 13732 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
21:47:13.0917 13732 cpuz134 - ok
21:47:13.0919 13732 cpuz135 - ok
21:47:13.0921 13732 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:47:13.0922 13732 crcdisk - ok
21:47:13.0928 13732 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:47:13.0929 13732 CryptSvc - ok
21:47:13.0936 13732 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:47:13.0941 13732 CSC - ok
21:47:13.0948 13732 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:47:13.0954 13732 CscService - ok
21:47:13.0965 13732 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:47:13.0968 13732 cvhsvc - ok
21:47:13.0975 13732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:47:13.0980 13732 DcomLaunch - ok
21:47:13.0985 13732 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:47:13.0987 13732 defragsvc - ok
21:47:13.0991 13732 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:47:13.0992 13732 DfsC - ok
21:47:13.0996 13732 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:47:13.0999 13732 Dhcp - ok
21:47:14.0001 13732 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:47:14.0002 13732 discache - ok
21:47:14.0004 13732 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:47:14.0006 13732 Disk - ok
21:47:14.0009 13732 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:47:14.0010 13732 Dnscache - ok
21:47:14.0013 13732 [ 1C92CE85ED00554BDD118923E751A162 ] Dokan C:\Windows\system32\drivers\dokan.sys
21:47:14.0015 13732 Dokan - ok
21:47:14.0019 13732 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:47:14.0021 13732 dot3svc - ok
21:47:14.0024 13732 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:47:14.0026 13732 DPS - ok
21:47:14.0028 13732 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:47:14.0029 13732 drmkaud - ok
21:47:14.0038 13732 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:47:14.0046 13732 DXGKrnl - ok
21:47:14.0050 13732 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
21:47:14.0053 13732 e1yexpress - ok
21:47:14.0055 13732 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:47:14.0057 13732 EapHost - ok
21:47:14.0082 13732 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:47:14.0105 13732 ebdrv - ok
21:47:14.0112 13732 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:47:14.0117 13732 eeCtrl - ok
21:47:14.0119 13732 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:47:14.0120 13732 EFS - ok
21:47:14.0128 13732 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:47:14.0132 13732 ehRecvr - ok
21:47:14.0135 13732 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:47:14.0135 13732 ehSched - ok
21:47:14.0141 13732 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:47:14.0146 13732 elxstor - ok
21:47:14.0150 13732 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:47:14.0151 13732 EraserUtilRebootDrv - ok
21:47:14.0153 13732 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:47:14.0154 13732 ErrDev - ok
21:47:14.0161 13732 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:47:14.0165 13732 EventSystem - ok
21:47:14.0168 13732 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:47:14.0170 13732 exfat - ok
21:47:14.0173 13732 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:47:14.0175 13732 fastfat - ok
21:47:14.0182 13732 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:47:14.0189 13732 Fax - ok
21:47:14.0191 13732 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:47:14.0192 13732 fdc - ok
21:47:14.0194 13732 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:47:14.0195 13732 fdPHost - ok
21:47:14.0196 13732 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:47:14.0197 13732 FDResPub - ok
21:47:14.0200 13732 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:47:14.0201 13732 FileInfo - ok
21:47:14.0203 13732 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:47:14.0204 13732 Filetrace - ok
21:47:14.0206 13732 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:47:14.0206 13732 flpydisk - ok
21:47:14.0211 13732 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:47:14.0213 13732 FltMgr - ok
21:47:14.0217 13732 [ E94E042BC24BB301767A8125D529B705 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
21:47:14.0218 13732 fltsrv - ok
21:47:14.0228 13732 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:47:14.0237 13732 FontCache - ok
21:47:14.0240 13732 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:47:14.0240 13732 FontCache3.0.0.0 - ok
21:47:14.0243 13732 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:47:14.0244 13732 FsDepends - ok
21:47:14.0246 13732 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:47:14.0247 13732 Fs_Rec - ok
21:47:14.0250 13732 [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
21:47:14.0267 13732 Futuremark SystemInfo Service - ok
21:47:14.0271 13732 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:47:14.0273 13732 fvevol - ok
21:47:14.0276 13732 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:47:14.0277 13732 gagp30kx - ok
21:47:14.0279 13732 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:47:14.0280 13732 GEARAspiWDM - ok
21:47:14.0288 13732 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:47:14.0294 13732 gpsvc - ok
21:47:14.0298 13732 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:47:14.0298 13732 gupdate - ok
21:47:14.0301 13732 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:47:14.0301 13732 gupdatem - ok
21:47:14.0303 13732 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:47:14.0304 13732 hcw85cir - ok
21:47:14.0309 13732 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:47:14.0312 13732 HdAudAddService - ok
21:47:14.0315 13732 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:47:14.0316 13732 HDAudBus - ok
21:47:14.0318 13732 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:47:14.0319 13732 HidBatt - ok
21:47:14.0321 13732 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:47:14.0322 13732 HidBth - ok
21:47:14.0324 13732 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:47:14.0326 13732 HidIr - ok
21:47:14.0328 13732 [ 3CC53BC405F609F61D4A879F3E7EBC4A ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
21:47:14.0329 13732 hidkmdf - ok
21:47:14.0331 13732 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:47:14.0332 13732 hidserv - ok
21:47:14.0334 13732 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:47:14.0335 13732 HidUsb - ok
21:47:14.0337 13732 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:47:14.0339 13732 hkmsvc - ok
21:47:14.0342 13732 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:47:14.0344 13732 HomeGroupListener - ok
21:47:14.0348 13732 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:47:14.0350 13732 HomeGroupProvider - ok
21:47:14.0352 13732 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:47:14.0354 13732 HpSAMD - ok
21:47:14.0361 13732 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:47:14.0367 13732 HTTP - ok
21:47:14.0370 13732 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:47:14.0370 13732 hwpolicy - ok
21:47:14.0373 13732 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:47:14.0375 13732 i8042prt - ok
21:47:14.0380 13732 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:47:14.0382 13732 iaStorV - ok
21:47:14.0390 13732 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:47:14.0397 13732 idsvc - ok
21:47:14.0407 13732 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121013.001\IDSvia64.sys
21:47:14.0411 13732 IDSVia64 - ok
21:47:14.0414 13732 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:47:14.0415 13732 iirsp - ok
21:47:14.0423 13732 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:47:14.0430 13732 IKEEXT - ok
21:47:14.0433 13732 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:47:14.0435 13732 intelide - ok
21:47:14.0437 13732 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:47:14.0438 13732 intelppm - ok
21:47:14.0441 13732 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:47:14.0442 13732 IPBusEnum - ok
21:47:14.0445 13732 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:14.0447 13732 IpFilterDriver - ok
21:47:14.0454 13732 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:47:14.0460 13732 iphlpsvc - ok
21:47:14.0462 13732 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:47:14.0464 13732 IPMIDRV - ok
21:47:14.0466 13732 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:47:14.0467 13732 IPNAT - ok
21:47:14.0478 13732 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:47:14.0485 13732 iPod Service - ok
21:47:14.0488 13732 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:47:14.0489 13732 IRENUM - ok
21:47:14.0491 13732 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:47:14.0492 13732 isapnp - ok
21:47:14.0496 13732 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:47:14.0499 13732 iScsiPrt - ok
21:47:14.0501 13732 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:14.0502 13732 kbdclass - ok
21:47:14.0504 13732 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:47:14.0505 13732 kbdhid - ok
21:47:14.0507 13732 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:47:14.0508 13732 KeyIso - ok
21:47:14.0510 13732 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:47:14.0512 13732 KSecDD - ok
21:47:14.0515 13732 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:47:14.0516 13732 KSecPkg - ok
21:47:14.0519 13732 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:47:14.0519 13732 ksthunk - ok
21:47:14.0524 13732 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:47:14.0528 13732 KtmRm - ok
21:47:14.0531 13732 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:47:14.0534 13732 LanmanServer - ok
21:47:14.0537 13732 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:47:14.0539 13732 LanmanWorkstation - ok
21:47:14.0542 13732 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:47:14.0544 13732 lltdio - ok
21:47:14.0548 13732 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:47:14.0551 13732 lltdsvc - ok
21:47:14.0553 13732 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:47:14.0554 13732 lmhosts - ok
21:47:14.0558 13732 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:47:14.0560 13732 LSI_FC - ok
21:47:14.0563 13732 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:47:14.0564 13732 LSI_SAS - ok
21:47:14.0567 13732 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:47:14.0568 13732 LSI_SAS2 - ok
21:47:14.0571 13732 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:47:14.0573 13732 LSI_SCSI - ok
21:47:14.0576 13732 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:47:14.0577 13732 luafv - ok
21:47:14.0581 13732 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:47:14.0582 13732 Mcx2Svc - ok
21:47:14.0584 13732 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:47:14.0586 13732 megasas - ok
21:47:14.0590 13732 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:47:14.0593 13732 MegaSR - ok
21:47:14.0595 13732 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:47:14.0597 13732 MMCSS - ok
21:47:14.0599 13732 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:47:14.0600 13732 Modem - ok
21:47:14.0602 13732 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:47:14.0603 13732 monitor - ok
21:47:14.0605 13732 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:47:14.0606 13732 mouclass - ok
21:47:14.0608 13732 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:47:14.0609 13732 mouhid - ok
21:47:14.0612 13732 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:47:14.0613 13732 mountmgr - ok
21:47:14.0616 13732 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:47:14.0618 13732 mpio - ok
21:47:14.0621 13732 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:47:14.0622 13732 mpsdrv - ok
21:47:14.0630 13732 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:47:14.0638 13732 MpsSvc - ok
21:47:14.0641 13732 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:47:14.0643 13732 MRxDAV - ok
21:47:14.0646 13732 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:14.0648 13732 mrxsmb - ok
21:47:14.0653 13732 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:14.0655 13732 mrxsmb10 - ok
21:47:14.0658 13732 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:14.0660 13732 mrxsmb20 - ok
21:47:14.0662 13732 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:47:14.0663 13732 msahci - ok
21:47:14.0666 13732 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:47:14.0668 13732 msdsm - ok
21:47:14.0671 13732 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:47:14.0673 13732 MSDTC - ok
21:47:14.0677 13732 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:47:14.0679 13732 Msfs - ok
21:47:14.0681 13732 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:47:14.0682 13732 mshidkmdf - ok
21:47:14.0684 13732 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:47:14.0684 13732 msisadrv - ok
21:47:14.0688 13732 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:47:14.0690 13732 MSiSCSI - ok
21:47:14.0692 13732 msiserver - ok
21:47:14.0694 13732 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:47:14.0695 13732 MSKSSRV - ok
21:47:14.0696 13732 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:14.0697 13732 MSPCLOCK - ok
21:47:14.0699 13732 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:47:14.0700 13732 MSPQM - ok
21:47:14.0704 13732 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:47:14.0707 13732 MsRPC - ok
21:47:14.0710 13732 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:47:14.0711 13732 mssmbios - ok
21:47:14.0714 13732 MSSQL$SQLEXPRESS - ok
21:47:14.0717 13732 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:47:14.0718 13732 MSSQLServerADHelper100 - ok
21:47:14.0720 13732 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:47:14.0721 13732 MSTEE - ok
21:47:14.0723 13732 [ C83829C280F0207677B7AAA151EF9C4D ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
21:47:14.0724 13732 msvad_simple - ok
21:47:14.0725 13732 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:47:14.0726 13732 MTConfig - ok
21:47:14.0728 13732 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:47:14.0729 13732 MTsensor - ok
21:47:14.0731 13732 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:47:14.0732 13732 Mup - ok
21:47:14.0734 13732 [ A906B08944EF1BEC17AE306E9FDB35D0 ] mv2 C:\Windows\system32\DRIVERS\mv2.sys
21:47:14.0735 13732 mv2 - ok
21:47:14.0739 13732 [ 77073C1AF9C0921FF18EE628049BB1A9 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
21:47:14.0741 13732 mv91xx - ok
21:47:14.0747 13732 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
21:47:14.0747 13732 N360 - ok
21:47:14.0753 13732 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:47:14.0758 13732 napagent - ok
21:47:14.0762 13732 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:47:14.0765 13732 NativeWifiP - ok
21:47:14.0769 13732 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121015.017\ENG64.SYS
21:47:14.0770 13732 NAVENG - ok
21:47:14.0787 13732 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121015.017\EX64.SYS
21:47:14.0802 13732 NAVEX15 - ok
21:47:14.0812 13732 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:47:14.0820 13732 NDIS - ok
21:47:14.0822 13732 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:47:14.0823 13732 NdisCap - ok
21:47:14.0825 13732 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:14.0826 13732 NdisTapi - ok
21:47:14.0828 13732 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:14.0830 13732 Ndisuio - ok
21:47:14.0833 13732 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:14.0834 13732 NdisWan - ok
21:47:14.0837 13732 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:47:14.0838 13732 NDProxy - ok
21:47:14.0840 13732 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
21:47:14.0841 13732 Netaapl - ok
21:47:14.0843 13732 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:47:14.0844 13732 NetBIOS - ok
21:47:14.0848 13732 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:47:14.0850 13732 NetBT - ok
21:47:14.0852 13732 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:47:14.0853 13732 Netlogon - ok
21:47:14.0857 13732 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:47:14.0860 13732 Netman - ok
21:47:14.0868 13732 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:14.0871 13732 NetMsmqActivator - ok
21:47:14.0873 13732 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:14.0873 13732 NetPipeActivator - ok
21:47:14.0879 13732 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:47:14.0884 13732 netprofm - ok
21:47:14.0886 13732 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:14.0887 13732 NetTcpActivator - ok
21:47:14.0889 13732 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:14.0889 13732 NetTcpPortSharing - ok
21:47:14.0892 13732 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:47:14.0893 13732 nfrd960 - ok
21:47:14.0897 13732 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:47:14.0900 13732 NlaSvc - ok
21:47:14.0902 13732 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:47:14.0903 13732 Npfs - ok
21:47:14.0905 13732 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:47:14.0906 13732 nsi - ok
21:47:14.0908 13732 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:47:14.0909 13732 nsiproxy - ok
21:47:14.0923 13732 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:47:14.0936 13732 Ntfs - ok
21:47:14.0938 13732 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:47:14.0939 13732 Null - ok
21:47:14.0941 13732 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:47:14.0942 13732 nusb3hub - ok
21:47:14.0945 13732 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:47:14.0947 13732 nusb3xhc - ok
21:47:14.0950 13732 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:47:14.0952 13732 NVHDA - ok
21:47:15.0047 13732 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:47:15.0138 13732 nvlddmkm - ok
21:47:15.0142 13732 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:47:15.0144 13732 nvraid - ok
21:47:15.0148 13732 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:47:15.0149 13732 nvstor - ok
21:47:15.0158 13732 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
21:47:15.0166 13732 nvsvc - ok
21:47:15.0177 13732 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:47:15.0187 13732 nvUpdatusService - ok
21:47:15.0190 13732 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:47:15.0192 13732 nv_agp - ok
21:47:15.0194 13732 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:47:15.0195 13732 ohci1394 - ok
21:47:15.0198 13732 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:47:15.0200 13732 ose - ok
21:47:15.0236 13732 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:47:15.0270 13732 osppsvc - ok
21:47:15.0275 13732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:47:15.0279 13732 p2pimsvc - ok
21:47:15.0284 13732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:47:15.0288 13732 p2psvc - ok
21:47:15.0291 13732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:47:15.0293 13732 Parport - ok
21:47:15.0295 13732 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:47:15.0296 13732 partmgr - ok
21:47:15.0299 13732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:47:15.0302 13732 PcaSvc - ok
21:47:15.0305 13732 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:47:15.0307 13732 pci - ok
21:47:15.0309 13732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:47:15.0310 13732 pciide - ok
21:47:15.0313 13732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:47:15.0315 13732 pcmcia - ok
21:47:15.0317 13732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:47:15.0318 13732 pcw - ok
21:47:17.0144 13732 ================ Scan global ===============================
21:47:17.0148 13732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:47:17.0151 13732 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:47:17.0157 13732 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:47:17.0159 13732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:47:17.0164 13732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:47:17.0166 13732 [Global] - ok
21:47:17.0167 13732 ================ Scan MBR ==================================
21:47:17.0168 13732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:47:17.0220 13732 \Device\Harddisk0\DR0 - ok
21:47:17.0222 13732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:47:17.0228 13732 \Device\Harddisk1\DR1 - ok
21:47:17.0228 13732 ================ Scan VBR ==================================
21:47:17.0229 13732 [ C8A3924FD59FCFDD047EA2222A9BB0F8 ] \Device\Harddisk0\DR0\Partition1
21:47:17.0230 13732 \Device\Harddisk0\DR0\Partition1 - ok
21:47:17.0231 13732 [ EA0D094C5E13453383C86151C1C12FD4 ] \Device\Harddisk0\DR0\Partition2
21:47:17.0232 13732 \Device\Harddisk0\DR0\Partition2 - ok
21:47:17.0234 13732 [ F738471AE7D0F6B1067019E8403FED28 ] \Device\Harddisk1\DR1\Partition1
21:47:17.0238 13732 \Device\Harddisk1\DR1\Partition1 - ok
21:47:17.0238 13732 ============================================================
21:47:17.0238 13732 Scan finished
21:47:17.0238 13732 ============================================================
21:47:17.0242 17008 Detected object count: 0
21:47:17.0242 17008 Actual detected object count: 0
21:47:28.0832 15344 ============================================================
21:47:28.0832 15344 Scan started
21:47:28.0832 15344 Mode: Manual;
21:47:28.0832 15344 ============================================================
21:47:28.0909 15344 ================ Scan system memory ========================
21:47:28.0909 15344 System memory - ok
21:47:28.0909 15344 ================ Scan services =============================
21:47:29.0088 15344 [ 5632D6944A69B351D6CB2F1C70A65E21 ] Akamai c:\program files (x86)\common files\akamai\netsession_win_5632d69.dll
21:47:29.0096 15344 Akamai - ok
21:47:29.0100 15344 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:47:29.0100 15344 ALG - ok
21:47:29.0102 15344 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:47:29.0102 15344 aliide - ok
21:47:29.0123 15344 ALSysIO - ok
21:47:29.0126 15344 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:47:29.0126 15344 amdide - ok
21:47:29.0128 15344 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:47:29.0129 15344 AmdK8 - ok
21:47:29.0131 15344 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:47:29.0131 15344 AmdPPM - ok
21:47:29.0133 15344 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:47:29.0134 15344 amdsata - ok
21:47:29.0137 15344 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:47:29.0138 15344 amdsbs - ok
21:47:29.0140 15344 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:47:29.0140 15344 amdxata - ok
21:47:29.0142 15344 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:47:29.0142 15344 AppID - ok
21:47:29.0144 15344 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:47:29.0145 15344 AppIDSvc - ok
21:47:29.0147 15344 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:47:29.0148 15344 Appinfo - ok
21:47:29.0152 15344 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:47:29.0152 15344 Apple Mobile Device - ok
21:47:29.0155 15344 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:47:29.0156 15344 AppMgmt - ok
21:47:29.0159 15344 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:47:29.0159 15344 arc - ok
21:47:29.0161 15344 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:47:29.0162 15344 arcsas - ok
21:47:29.0176 15344 [ EDAA17CE771C696655B6585F7CAD2100 ] ASInsHelp C:\Windows\SysWow64\drivers\AsInsHelp64.sys
21:47:29.0176 15344 ASInsHelp - ok
21:47:29.0179 15344 [ F6BDA026E4157DC4E321CA391E9D9BC6 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
21:47:29.0179 15344 AsIO - ok
21:47:29.0189 15344 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:47:29.0189 15344 aspnet_state - ok
21:47:29.0192 15344 [ 954FFBFF05B0B60EB63B52AF561436C4 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
21:47:29.0193 15344 AsSysCtrlService - ok
21:47:29.0195 15344 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
21:47:29.0195 15344 AsUpIO - ok
21:47:29.0197 15344 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:47:29.0197 15344 AsyncMac - ok
21:47:29.0199 15344 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:47:29.0200 15344 atapi - ok
21:47:29.0206 15344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:47:29.0208 15344 AudioEndpointBuilder - ok
21:47:29.0216 15344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:47:29.0218 15344 AudioSrv - ok
21:47:29.0221 15344 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:47:29.0222 15344 AxInstSV - ok
21:47:29.0227 15344 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:47:29.0228 15344 b06bdrv - ok
21:47:29.0233 15344 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:47:29.0234 15344 b57nd60a - ok
21:47:29.0238 15344 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:47:29.0238 15344 BDESVC - ok
21:47:29.0240 15344 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:47:29.0240 15344 Beep - ok
21:47:29.0247 15344 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:47:29.0249 15344 BFE - ok
21:47:29.0265 15344 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
21:47:29.0269 15344 BHDrvx64 - ok
21:47:29.0278 15344 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:47:29.0281 15344 BITS - ok
21:47:29.0284 15344 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:47:29.0284 15344 blbdrive - ok
21:47:29.0290 15344 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:47:29.0292 15344 Bonjour Service - ok
21:47:29.0295 15344 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:47:29.0295 15344 bowser - ok
21:47:29.0297 15344 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:47:29.0297 15344 BrFiltLo - ok
21:47:29.0299 15344 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:47:29.0299 15344 BrFiltUp - ok
21:47:29.0302 15344 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
21:47:29.0302 15344 Bridge - ok
21:47:29.0304 15344 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:47:29.0304 15344 BridgeMP - ok
21:47:29.0307 15344 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:47:29.0308 15344 Browser - ok
21:47:29.0312 15344 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:47:29.0313 15344 Brserid - ok
21:47:29.0315 15344 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:47:29.0315 15344 BrSerWdm - ok
21:47:29.0317 15344 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:47:29.0317 15344 BrUsbMdm - ok
21:47:29.0319 15344 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:47:29.0320 15344 BrUsbSer - ok
21:47:29.0322 15344 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:47:29.0322 15344 BthEnum - ok
21:47:29.0324 15344 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:47:29.0324 15344 BTHMODEM - ok
21:47:29.0327 15344 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:47:29.0327 15344 BthPan - ok
21:47:29.0333 15344 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:47:29.0335 15344 BTHPORT - ok
21:47:29.0338 15344 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:47:29.0338 15344 bthserv - ok
21:47:29.0340 15344 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:47:29.0341 15344 BTHUSB - ok
21:47:29.0342 15344 catchme - ok
21:47:29.0345 15344 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:47:29.0345 15344 cdfs - ok
21:47:29.0348 15344 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:47:29.0349 15344 cdrom - ok
21:47:29.0351 15344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:47:29.0352 15344 CertPropSvc - ok
21:47:29.0354 15344 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:47:29.0354 15344 circlass - ok
21:47:29.0359 15344 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:47:29.0360 15344 CLFS - ok
21:47:29.0364 15344 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:47:29.0364 15344 clr_optimization_v2.0.50727_32 - ok
21:47:29.0368 15344 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:47:29.0368 15344 clr_optimization_v2.0.50727_64 - ok
21:47:29.0376 15344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:47:29.0377 15344 clr_optimization_v4.0.30319_32 - ok
21:47:29.0385 15344 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:47:29.0386 15344 clr_optimization_v4.0.30319_64 - ok
21:47:29.0388 15344 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:47:29.0388 15344 CmBatt - ok
21:47:29.0390 15344 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:47:29.0391 15344 cmdide - ok
21:47:29.0396 15344 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:47:29.0397 15344 CNG - ok
21:47:29.0400 15344 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:47:29.0400 15344 Compbatt - ok
21:47:29.0402 15344 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:47:29.0402 15344 CompositeBus - ok
21:47:29.0404 15344 COMSysApp - ok
21:47:29.0425 15344 cpuz130 - ok
21:47:29.0428 15344 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
21:47:29.0428 15344 cpuz134 - ok
21:47:29.0430 15344 cpuz135 - ok
21:47:29.0432 15344 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:47:29.0432 15344 crcdisk - ok
21:47:29.0436 15344 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:47:29.0437 15344 CryptSvc - ok
21:47:29.0443 15344 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:47:29.0444 15344 CSC - ok
21:47:29.0452 15344 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:47:29.0454 15344 CscService - ok
21:47:29.0465 15344 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:47:29.0468 15344 cvhsvc - ok
21:47:29.0475 15344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:47:29.0477 15344 DcomLaunch - ok
21:47:29.0482 15344 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:47:29.0483 15344 defragsvc - ok
21:47:29.0485 15344 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:47:29.0486 15344 DfsC - ok
21:47:29.0490 15344 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:47:29.0491 15344 Dhcp - ok
21:47:29.0494 15344 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:47:29.0494 15344 discache - ok
21:47:29.0496 15344 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:47:29.0496 15344 Disk - ok
21:47:29.0500 15344 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:47:29.0500 15344 Dnscache - ok
21:47:29.0504 15344 [ 1C92CE85ED00554BDD118923E751A162 ] Dokan C:\Windows\system32\drivers\dokan.sys
21:47:29.0504 15344 Dokan - ok
21:47:29.0508 15344 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:47:29.0509 15344 dot3svc - ok
21:47:29.0512 15344 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:47:29.0513 15344 DPS - ok
21:47:29.0515 15344 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:47:29.0515 15344 drmkaud - ok
21:47:29.0524 15344 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:47:29.0527 15344 DXGKrnl - ok
21:47:29.0531 15344 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
21:47:29.0532 15344 e1yexpress - ok
21:47:29.0535 15344 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:47:29.0536 15344 EapHost - ok
21:47:29.0560 15344 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:47:29.0570 15344 ebdrv - ok
21:47:29.0576 15344 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:47:29.0578 15344 eeCtrl - ok
21:47:29.0580 15344 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:47:29.0581 15344 EFS - ok
21:47:29.0590 15344 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:47:29.0592 15344 ehRecvr - ok
21:47:29.0595 15344 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:47:29.0595 15344 ehSched - ok
21:47:29.0601 15344 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:47:29.0603 15344 elxstor - ok
21:47:29.0606 15344 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:47:29.0607 15344 EraserUtilRebootDrv - ok
21:47:29.0609 15344 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:47:29.0609 15344 ErrDev - ok
21:47:29.0616 15344 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:47:29.0617 15344 EventSystem - ok
21:47:29.0621 15344 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:47:29.0622 15344 exfat - ok
21:47:29.0625 15344 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:47:29.0626 15344 fastfat - ok
21:47:29.0633 15344 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:47:29.0635 15344 Fax - ok
21:47:29.0637 15344 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:47:29.0638 15344 fdc - ok
21:47:29.0640 15344 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:47:29.0640 15344 fdPHost - ok
21:47:29.0642 15344 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:47:29.0643 15344 FDResPub - ok
21:47:29.0645 15344 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:47:29.0645 15344 FileInfo - ok
21:47:29.0647 15344 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:47:29.0647 15344 Filetrace - ok
21:47:29.0649 15344 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:47:29.0650 15344 flpydisk - ok
21:47:29.0654 15344 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:47:29.0655 15344 FltMgr - ok
21:47:29.0658 15344 [ E94E042BC24BB301767A8125D529B705 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
21:47:29.0658 15344 fltsrv - ok
21:47:29.0668 15344 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:47:29.0672 15344 FontCache - ok
21:47:29.0675 15344 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:47:29.0675 15344 FontCache3.0.0.0 - ok
21:47:29.0677 15344 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:47:29.0678 15344 FsDepends - ok
21:47:29.0680 15344 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:47:29.0680 15344 Fs_Rec - ok
21:47:29.0683 15344 [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
21:47:29.0684 15344 Futuremark SystemInfo Service - ok
21:47:29.0688 15344 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:47:29.0688 15344 fvevol - ok
21:47:29.0691 15344 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:47:29.0691 15344 gagp30kx - ok
21:47:29.0693 15344 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:47:29.0694 15344 GEARAspiWDM - ok
21:47:29.0701 15344 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:47:29.0704 15344 gpsvc - ok
21:47:29.0707 15344 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:47:29.0708 15344 gupdate - ok
21:47:29.0710 15344 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:47:29.0711 15344 gupdatem - ok
21:47:29.0713 15344 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:47:29.0713 15344 hcw85cir - ok
21:47:29.0717 15344 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:47:29.0719 15344 HdAudAddService - ok
21:47:29.0721 15344 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:47:29.0722 15344 HDAudBus - ok
21:47:29.0724 15344 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:47:29.0724 15344 HidBatt - ok
21:47:29.0726 15344 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:47:29.0727 15344 HidBth - ok
21:47:29.0729 15344 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:47:29.0729 15344 HidIr - ok
21:47:29.0731 15344 [ 3CC53BC405F609F61D4A879F3E7EBC4A ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
21:47:29.0731 15344 hidkmdf - ok
21:47:29.0733 15344 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:47:29.0734 15344 hidserv - ok
21:47:29.0736 15344 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:47:29.0736 15344 HidUsb - ok
21:47:29.0739 15344 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:47:29.0739 15344 hkmsvc - ok
21:47:29.0743 15344 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:47:29.0744 15344 HomeGroupListener - ok
21:47:29.0747 15344 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:47:29.0749 15344 HomeGroupProvider - ok
21:47:29.0751 15344 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:47:29.0752 15344 HpSAMD - ok
21:47:29.0759 15344 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:47:29.0761 15344 HTTP - ok
21:47:29.0763 15344 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:47:29.0763 15344 hwpolicy - ok
21:47:29.0766 15344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:47:29.0766 15344 i8042prt - ok
21:47:29.0772 15344 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:47:29.0773 15344 iaStorV - ok
21:47:29.0782 15344 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:47:29.0785 15344 idsvc - ok
21:47:29.0795 15344 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121013.001\IDSvia64.sys
21:47:29.0796 15344 IDSVia64 - ok
21:47:29.0799 15344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:47:29.0799 15344 iirsp - ok
21:47:29.0807 15344 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:47:29.0810 15344 IKEEXT - ok
21:47:29.0813 15344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:47:29.0813 15344 intelide - ok
21:47:29.0815 15344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:47:29.0816 15344 intelppm - ok
21:47:29.0818 15344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:47:29.0819 15344 IPBusEnum - ok
21:47:29.0821 15344 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:29.0822 15344 IpFilterDriver - ok
21:47:29.0828 15344 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:47:29.0830 15344 iphlpsvc - ok
21:47:29.0833 15344 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:47:29.0833 15344 IPMIDRV - ok
21:47:29.0836 15344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:47:29.0836 15344 IPNAT - ok
21:47:29.0846 15344 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:47:29.0848 15344 iPod Service - ok
21:47:29.0851 15344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:47:29.0851 15344 IRENUM - ok
21:47:29.0853 15344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:47:29.0853 15344 isapnp - ok
21:47:29.0857 15344 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:47:29.0858 15344 iScsiPrt - ok
21:47:29.0860 15344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:29.0861 15344 kbdclass - ok
21:47:29.0863 15344 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:47:29.0863 15344 kbdhid - ok
21:47:29.0865 15344 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:47:29.0865 15344 KeyIso - ok
21:47:29.0868 15344 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:47:29.0868 15344 KSecDD - ok
21:47:29.0871 15344 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:47:29.0872 15344 KSecPkg - ok
21:47:29.0874 15344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:47:29.0874 15344 ksthunk - ok
21:47:29.0878 15344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:47:29.0880 15344 KtmRm - ok
21:47:29.0884 15344 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:47:29.0885 15344 LanmanServer - ok
21:47:29.0888 15344 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:47:29.0889 15344 LanmanWorkstation - ok
21:47:29.0892 15344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:47:29.0893 15344 lltdio - ok
21:47:29.0897 15344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:47:29.0898 15344 lltdsvc - ok
21:47:29.0900 15344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:47:29.0901 15344 lmhosts - ok
21:47:29.0904 15344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:47:29.0904 15344 LSI_FC - ok
21:47:29.0907 15344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:47:29.0907 15344 LSI_SAS - ok
21:47:29.0909 15344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:47:29.0910 15344 LSI_SAS2 - ok
21:47:29.0912 15344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:47:29.0913 15344 LSI_SCSI - ok
21:47:29.0915 15344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:47:29.0916 15344 luafv - ok
21:47:29.0919 15344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:47:29.0920 15344 Mcx2Svc - ok
21:47:29.0921 15344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:47:29.0922 15344 megasas - ok
21:47:29.0926 15344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:47:29.0927 15344 MegaSR - ok
21:47:29.0929 15344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:47:29.0930 15344 MMCSS - ok
21:47:29.0932 15344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:47:29.0932 15344 Modem - ok
21:47:29.0934 15344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:47:29.0934 15344 monitor - ok
21:47:29.0936 15344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:47:29.0937 15344 mouclass - ok
21:47:29.0939 15344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:47:29.0939 15344 mouhid - ok
21:47:29.0941 15344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:47:29.0942 15344 mountmgr - ok
21:47:29.0945 15344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:47:29.0946 15344 mpio - ok
21:47:29.0948 15344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:47:29.0948 15344 mpsdrv - ok
21:47:29.0956 15344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:47:29.0959 15344 MpsSvc - ok
21:47:29.0962 15344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:47:29.0963 15344 MRxDAV - ok
21:47:29.0966 15344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:29.0967 15344 mrxsmb - ok
21:47:29.0971 15344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:29.0972 15344 mrxsmb10 - ok
21:47:29.0975 15344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:29.0975 15344 mrxsmb20 - ok
21:47:29.0977 15344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:47:29.0977 15344 msahci - ok
21:47:29.0980 15344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:47:29.0981 15344 msdsm - ok
21:47:29.0984 15344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:47:29.0985 15344 MSDTC - ok
21:47:29.0988 15344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:47:29.0988 15344 Msfs - ok
21:47:29.0990 15344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:47:29.0991 15344 mshidkmdf - ok
21:47:29.0992 15344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:47:29.0993 15344 msisadrv - ok
21:47:29.0996 15344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:47:29.0997 15344 MSiSCSI - ok
21:47:29.0998 15344 msiserver - ok
21:47:30.0000 15344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:47:30.0001 15344 MSKSSRV - ok
21:47:30.0002 15344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:30.0003 15344 MSPCLOCK - ok
21:47:30.0004 15344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:47:30.0004 15344 MSPQM - ok
21:47:30.0009 15344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:47:30.0010 15344 MsRPC - ok
21:47:30.0013 15344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:47:30.0013 15344 mssmbios - ok
21:47:30.0016 15344 MSSQL$SQLEXPRESS - ok
21:47:30.0019 15344 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:47:30.0020 15344 MSSQLServerADHelper100 - ok
21:47:30.0021 15344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:47:30.0022 15344 MSTEE - ok
21:47:30.0024 15344 [ C83829C280F0207677B7AAA151EF9C4D ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
21:47:30.0024 15344 msvad_simple - ok
21:47:30.0026 15344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:47:30.0026 15344 MTConfig - ok
21:47:30.0028 15344 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:47:30.0028 15344 MTsensor - ok
21:47:30.0030 15344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:47:30.0030 15344 Mup - ok
21:47:30.0032 15344 [ A906B08944EF1BEC17AE306E9FDB35D0 ] mv2 C:\Windows\system32\DRIVERS\mv2.sys
21:47:30.0033 15344 mv2 - ok
21:47:30.0037 15344 [ 77073C1AF9C0921FF18EE628049BB1A9 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
21:47:30.0038 15344 mv91xx - ok
21:47:30.0044 15344 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
21:47:30.0045 15344 N360 - ok
21:47:30.0050 15344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:47:30.0052 15344 napagent - ok
21:47:30.0057 15344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:47:30.0058 15344 NativeWifiP - ok
21:47:30.0061 15344 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121015.017\ENG64.SYS
21:47:30.0062 15344 NAVENG - ok
21:47:30.0078 15344 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121015.017\EX64.SYS
21:47:30.0085 15344 NAVEX15 - ok
21:47:30.0095 15344 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:47:30.0098 15344 NDIS - ok
21:47:30.0100 15344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:47:30.0100 15344 NdisCap - ok
21:47:30.0102 15344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:30.0102 15344 NdisTapi - ok
21:47:30.0105 15344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:30.0105 15344 Ndisuio - ok
21:47:30.0108 15344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:30.0109 15344 NdisWan - ok
21:47:30.0111 15344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:47:30.0112 15344 NDProxy - ok
21:47:30.0114 15344 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
21:47:30.0114 15344 Netaapl - ok
21:47:30.0116 15344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:47:30.0117 15344 NetBIOS - ok
21:47:30.0120 15344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:47:30.0121 15344 NetBT - ok
21:47:30.0123 15344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:47:30.0124 15344 Netlogon - ok
21:47:30.0128 15344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:47:30.0130 15344 Netman - ok
21:47:30.0138 15344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:30.0138 15344 NetMsmqActivator - ok
21:47:30.0141 15344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:30.0141 15344 NetPipeActivator - ok
21:47:30.0147 15344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:47:30.0149 15344 netprofm - ok
21:47:30.0151 15344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:30.0152 15344 NetTcpActivator - ok
21:47:30.0155 15344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:47:30.0155 15344 NetTcpPortSharing - ok
21:47:30.0157 15344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:47:30.0158 15344 nfrd960 - ok
21:47:30.0162 15344 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:47:30.0163 15344 NlaSvc - ok
21:47:30.0166 15344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:47:30.0166 15344 Npfs - ok
21:47:30.0168 15344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:47:30.0169 15344 nsi - ok
21:47:30.0171 15344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:47:30.0171 15344 nsiproxy - ok
21:47:30.0185 15344 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:47:30.0190 15344 Ntfs - ok
21:47:30.0192 15344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:47:30.0192 15344 Null - ok
21:47:30.0195 15344 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:47:30.0195 15344 nusb3hub - ok
21:47:30.0198 15344 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:47:30.0199 15344 nusb3xhc - ok
21:47:30.0202 15344 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:47:30.0203 15344 NVHDA - ok
21:47:30.0298 15344 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:47:30.0335 15344 nvlddmkm - ok
21:47:30.0340 15344 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:47:30.0340 15344 nvraid - ok
21:47:30.0344 15344 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:47:30.0344 15344 nvstor - ok
21:47:30.0353 15344 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
21:47:30.0356 15344 nvsvc - ok
21:47:30.0367 15344 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:47:30.0371 15344 nvUpdatusService - ok
21:47:30.0374 15344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:47:30.0375 15344 nv_agp - ok
21:47:30.0377 15344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:47:30.0377 15344 ohci1394 - ok
21:47:30.0380 15344 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:47:30.0381 15344 ose - ok
21:47:30.0417 15344 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:47:30.0431 15344 osppsvc - ok
21:47:30.0436 15344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:47:30.0438 15344 p2pimsvc - ok
21:47:30.0443 15344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:47:30.0445 15344 p2psvc - ok
21:47:30.0448 15344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:47:30.0449 15344 Parport - ok
21:47:30.0451 15344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:47:30.0451 15344 partmgr - ok
21:47:30.0454 15344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:47:30.0456 15344 PcaSvc - ok
21:47:30.0459 15344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:47:30.0460 15344 pci - ok
21:47:30.0462 15344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:47:30.0462 15344 pciide - ok
21:47:30.0465 15344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:47:30.0466 15344 pcmcia - ok
21:47:30.0468 15344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:47:30.0469 15344 pcw - ok
21:47:30.0475 15344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:47:30.0477 15344 PEAUTH - ok
21:47:30.0489 15344 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:47:30.0494 15344 PeerDistSvc - ok
21:47:30.0510 15344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:47:30.0510 15344 PerfHost - ok
21:47:30.0525 15344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:47:30.0529 15344 pla - ok
21:47:30.0535 15344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:47:30.0537 15344 PlugPlay - ok
21:47:30.0539 15344 PnkBstrA - ok
21:47:30.0541 15344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:47:30.0542 15344 PNRPAutoReg - ok
21:47:30.0546 15344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:47:30.0548 15344 PNRPsvc - ok
21:47:30.0554 15344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:47:30.0556 15344 PolicyAgent - ok
21:47:30.0560 15344 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:47:30.0562 15344 Power - ok
21:47:30.0564 15344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:47:30.0565 15344 PptpMiniport - ok
21:47:30.0567 15344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:47:30.0567 15344 Processor - ok
21:47:30.0571 15344 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:47:30.0572 15344 ProfSvc - ok
21:47:30.0574 15344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:47:30.0574 15344 ProtectedStorage - ok
21:47:30.0577 15344 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:47:30.0578 15344 Psched - ok
21:47:30.0590 15344 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:47:30.0595 15344 ql2300 - ok
21:47:30.0598 15344 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:47:30.0598 15344 ql40xx - ok
21:47:30.0602 15344 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:47:30.0604 15344 QWAVE - ok
21:47:30.0606 15344 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:47:30.0606 15344 QWAVEdrv - ok
21:47:30.0608 15344 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:47:30.0608 15344 RasAcd - ok
21:47:30.0611 15344 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:47:30.0611 15344 RasAgileVpn - ok
21:47:30.0613 15344 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:47:30.0615 15344 RasAuto - ok
21:47:30.0617 15344 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:47:30.0618 15344 Rasl2tp - ok
21:47:30.0622 15344 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:47:30.0624 15344 RasMan - ok
21:47:30.0626 15344 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:47:30.0627 15344 RasPppoe - ok
21:47:30.0629 15344 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:47:30.0630 15344 RasSstp - ok
21:47:30.0634 15344 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:47:30.0635 15344 rdbss - ok
21:47:30.0637 15344 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:47:30.0637 15344 rdpbus - ok
21:47:30.0639 15344 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:47:30.0639 15344 RDPCDD - ok
21:47:30.0643 15344 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:47:30.0644 15344 RDPDR - ok
21:47:30.0645 15344 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:47:30.0646 15344 RDPENCDD - ok
21:47:30.0648 15344 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:47:30.0648 15344 RDPREFMP - ok
21:47:30.0652 15344 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:47:30.0652 15344 RdpVideoMiniport - ok
21:47:30.0655 15344 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:47:30.0656 15344 RDPWD - ok
21:47:30.0660 15344 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:47:30.0660 15344 rdyboost - ok
21:47:30.0663 15344 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:47:30.0664 15344 RemoteAccess - ok
21:47:30.0666 15344 [ BFA4873CD96D7144DC0059A70E1E358F ] RemoteControl-USBLAN C:\Windows\system32\DRIVERS\rcblan.sys
21:47:30.0666 15344 RemoteControl-USBLAN - ok
21:47:30.0669 15344 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:47:30.0671 15344 RemoteRegistry - ok
21:47:30.0674 15344 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:47:30.0674 15344 RFCOMM - ok
21:47:30.0677 15344 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:47:30.0678 15344 RpcEptMapper - ok
21:47:30.0680 15344 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:47:30.0680 15344 RpcLocator - ok
21:47:30.0686 15344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:47:30.0688 15344 RpcSs - ok
21:47:30.0693 15344 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
21:47:30.0694 15344 RsFx0103 - ok
21:47:30.0696 15344 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:47:30.0697 15344 rspndr - ok
21:47:30.0699 15344 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:47:30.0699 15344 s3cap - ok
21:47:30.0701 15344 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:47:30.0702 15344 SamSs - ok
21:47:30.0704 15344 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:47:30.0705 15344 sbp2port - ok
21:47:30.0708 15344 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:47:30.0709 15344 SCardSvr - ok
21:47:30.0711 15344 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:47:30.0712 15344 scfilter - ok
21:47:30.0721 15344 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:47:30.0725 15344 Schedule - ok
21:47:30.0728 15344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:47:30.0728 15344 SCPolicySvc - ok
21:47:30.0731 15344 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:47:30.0733 15344 SDRSVC - ok
21:47:30.0735 15344 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:47:30.0735 15344 secdrv - ok
21:47:30.0737 15344 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:47:30.0738 15344 seclogon - ok
21:47:30.0740 15344 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:47:30.0741 15344 SENS - ok
21:47:30.0743 15344 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:47:30.0744 15344 SensrSvc - ok
21:47:30.0746 15344 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:47:30.0746 15344 Serenum - ok
21:47:30.0748 15344 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:47:30.0749 15344 Serial - ok
21:47:30.0751 15344 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:47:30.0751 15344 sermouse - ok
21:47:30.0756 15344 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:47:30.0758 15344 SessionEnv - ok
21:47:30.0759 15344 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:47:30.0760 15344 sffdisk - ok
21:47:30.0762 15344 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:47:30.0762 15344 sffp_mmc - ok
21:47:30.0764 15344 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:47:30.0764 15344 sffp_sd - ok
21:47:30.0766 15344 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:47:30.0766 15344 sfloppy - ok
21:47:30.0773 15344 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:47:30.0776 15344 Sftfs - ok
21:47:30.0782 15344 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:47:30.0784 15344 sftlist - ok
21:47:30.0788 15344 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:47:30.0789 15344 Sftplay - ok
21:47:30.0791 15344 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:47:30.0792 15344 Sftredir - ok
21:47:30.0794 15344 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:47:30.0794 15344 Sftvol - ok
21:47:30.0797 15344 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:47:30.0798 15344 sftvsa - ok
21:47:30.0802 15344 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:47:30.0804 15344 SharedAccess - ok
21:47:30.0808 15344 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:47:30.0810 15344 ShellHWDetection - ok
21:47:30.0812 15344 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:47:30.0813 15344 SiSRaid2 - ok
21:47:30.0815 15344 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:47:30.0816 15344 SiSRaid4 - ok
21:47:30.0819 15344 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:47:30.0820 15344 SkypeUpdate - ok
21:47:30.0821 15344 SliceDisk5 - ok
21:47:30.0824 15344 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:47:30.0824 15344 Smb - ok
21:47:30.0827 15344 [ D48F87803F3965EE04D9BCB318791AAB ] SMR311 C:\Windows\system32\drivers\SMR311.SYS
21:47:30.0827 15344 SMR311 - ok
21:47:30.0833 15344 [ BBFB94699C8C265A6AF5FD51BDE26DFC ] snapman C:\Windows\system32\DRIVERS\snapman.sys
21:47:30.0834 15344 snapman - ok
21:47:30.0836 15344 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:47:30.0837 15344 SNMPTRAP - ok
21:47:30.0839 15344 [ F9369327409492097B0BB7CE86BD29DE ] Soluto C:\Windows\system32\DRIVERS\Soluto.sys
21:47:30.0840 15344 Soluto - ok
21:47:30.0847 15344 [ 3971E30B64AF2EF61F8F68E41586517B ] SolutoService C:\Program Files\Soluto\SolutoService.exe
21:47:30.0849 15344 SolutoService - ok
21:47:30.0851 15344 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
21:47:30.0852 15344 speedfan - ok
21:47:30.0854 15344 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:47:30.0854 15344 spldr - ok
21:47:30.0860 15344 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:47:30.0862 15344 Spooler - ok
21:47:30.0890 15344 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:47:30.0900 15344 sppsvc - ok
21:47:30.0903 15344 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:47:30.0904 15344 sppuinotify - ok
21:47:30.0905 15344 sptd - ok
21:47:30.0913 15344 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
21:47:30.0914 15344 SQLAgent$SQLEXPRESS - ok
21:47:30.0918 15344 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:47:30.0919 15344 SQLBrowser - ok
21:47:30.0923 15344 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:47:30.0923 15344 SQLWriter - ok
21:47:30.0931 15344 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
21:47:30.0933 15344 SRTSP - ok
21:47:30.0936 15344 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
21:47:30.0936 15344 SRTSPX - ok
21:47:30.0941 15344 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:47:30.0943 15344 srv - ok
21:47:30.0949 15344 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:47:30.0950 15344 srv2 - ok
21:47:30.0953 15344 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:47:30.0954 15344 srvnet - ok
21:47:30.0957 15344 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:47:30.0959 15344 SSDPSRV - ok
21:47:30.0961 15344 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:47:30.0962 15344 SstpSvc - ok
21:47:30.0964 15344 Steam Client Service - ok
21:47:30.0969 15344 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:47:30.0970 15344 Stereo Service - ok
21:47:30.0973 15344 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:47:30.0973 15344 stexstor - ok
21:47:30.0975 15344 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:47:30.0975 15344 StillCam - ok
21:47:30.0981 15344 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:47:30.0984 15344 stisvc - ok
21:47:30.0986 15344 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:47:30.0987 15344 storflt - ok
21:47:30.0989 15344 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:47:30.0989 15344 storvsc - ok
21:47:30.0991 15344 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:47:30.0991 15344 swenum - ok
21:47:30.0997 15344 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:47:30.0999 15344 swprv - ok
21:47:31.0005 15344 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
21:47:31.0007 15344 SymDS - ok
21:47:31.0015 15344 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
21:47:31.0018 15344 SymEFA - ok
21:47:31.0022 15344 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:47:31.0023 15344 SymEvent - ok
21:47:31.0026 15344 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
21:47:31.0027 15344 SymIRON - ok
21:47:31.0032 15344 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
21:47:31.0033 15344 SymNetS - ok
21:47:31.0086 15344 [ D9C742A07E8C500B9497ABDDFD118D07 ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
21:47:31.0103 15344 syncagentsrv - ok
21:47:31.0105 15344 Synth3dVsc - ok
21:47:31.0119 15344 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:47:31.0125 15344 SysMain - ok
21:47:31.0128 15344 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:47:31.0129 15344 TabletInputService - ok
21:47:31.0190 15344 [ 17A341D41F30FEA2EFF7223148899FEC ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
21:47:31.0214 15344 TabletServiceWacom - ok
21:47:31.0220 15344 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:47:31.0221 15344 TapiSrv - ok
21:47:31.0224 15344 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:47:31.0225 15344 TBS - ok
21:47:31.0240 15344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:47:31.0245 15344 Tcpip - ok
21:47:31.0262 15344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:47:31.0267 15344 TCPIP6 - ok
21:47:31.0271 15344 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:47:31.0271 15344 tcpipreg - ok
21:47:31.0274 15344 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:47:31.0274 15344 TDPIPE - ok
21:47:31.0287 15344 [ 9C1A823D4E729C965167B6E71E984296 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys
21:47:31.0290 15344 tdrpman - ok
21:47:31.0301 15344 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
21:47:31.0305 15344 tdrpman273 - ok
21:47:31.0307 15344 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:47:31.0308 15344 TDTCP - ok
21:47:31.0310 15344 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:47:31.0311 15344 tdx - ok
21:47:31.0313 15344 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:47:31.0313 15344 TermDD - ok
21:47:31.0320 15344 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:47:31.0323 15344 TermService - ok
21:47:31.0325 15344 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:47:31.0326 15344 Themes - ok
21:47:31.0329 15344 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:47:31.0329 15344 THREADORDER - ok
21:47:31.0339 15344 [ 990447334615A0DB84F620E1426DCFE0 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
21:47:31.0342 15344 timounter - ok
21:47:31.0345 15344 [ DE0D1F435F1DE2ED0102152E9BF70FA6 ] tmbulk C:\Windows\system32\Drivers\tmbulk.sys
21:47:31.0345 15344 tmbulk - ok
21:47:31.0347 15344 [ 2867DEC7A25DCF98CA65BBDCEDA0A78E ] TmBusEn C:\Windows\system32\DRIVERS\TmBusEn.sys
21:47:31.0348 15344 TmBusEn - ok
21:47:31.0350 15344 [ C0C94A84AF75661E951AEAC04F044351 ] TmFilter C:\Windows\system32\DRIVERS\TmFilter.sys
21:47:31.0350 15344 TmFilter - ok
21:47:31.0352 15344 [ 59F698C8B9D9BBB84F3499A92C4B53E7 ] TmHid C:\Windows\system32\DRIVERS\TmHid.sys
21:47:31.0352 15344 TmHid - ok
21:47:31.0358 15344 [ B578F7E7914E7D9EB161032A613DE3BD ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:47:31.0358 15344 TOSHIBA Bluetooth Service - ok
21:47:31.0361 15344 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
21:47:31.0361 15344 tosporte - ok
21:47:31.0366 15344 [ 1B09357180034639E62CF745E77AC66E ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
21:47:31.0367 15344 tosrfbd - ok
21:47:31.0369 15344 [ 62512B5277D88600F8BD4B7AEC43569D ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
21:47:31.0369 15344 tosrfbnp - ok
21:47:31.0372 15344 [ C523A9186C39D65CC9ADEBB2E1B93CCD ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
21:47:31.0372 15344 Tosrfcom - ok
21:47:31.0374 15344 [ 451B8C1815C6CC39650AF916C2A382CD ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
21:47:31.0375 15344 Tosrfhid - ok
21:47:31.0377 15344 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
21:47:31.0377 15344 tosrfnds - ok
21:47:31.0379 15344 [ E1E045240C1184FA6628F3C7E7FF85D8 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
21:47:31.0380 15344 TosRfSnd - ok
21:47:31.0382 15344 [ FC88BAF46FF87D2BC80F8B0F0322D84A ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
21:47:31.0382 15344 Tosrfusb - ok
21:47:31.0388 15344 [ A15A789141C74AAD7971FBCB4847A593 ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
21:47:31.0390 15344 TouchServiceWacom - ok
21:47:31.0393 15344 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:47:31.0394 15344 TrkWks - ok
21:47:31.0397 15344 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:47:31.0398 15344 TrustedInstaller - ok
21:47:31.0401 15344 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:47:31.0401 15344 tssecsrv - ok
21:47:31.0404 15344 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:47:31.0404 15344 TsUsbFlt - ok
21:47:31.0405 15344 tsusbhub - ok
21:47:31.0408 15344 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:47:31.0409 15344 tunnel - ok
21:47:31.0411 15344 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:47:31.0412 15344 uagp35 - ok
21:47:31.0416 15344 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:47:31.0417 15344 udfs - ok
21:47:31.0421 15344 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:47:31.0422 15344 UI0Detect - ok
21:47:31.0424 15344 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:47:31.0425 15344 uliagpkx - ok
21:47:31.0427 15344 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:47:31.0427 15344 umbus - ok
21:47:31.0429 15344 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:47:31.0429 15344 UmPass - ok
21:47:31.0433 15344 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:47:31.0434 15344 UmRdpService - ok
21:47:31.0436 15344 [ 8F387A1CC015A3F5020700C657A0FC85 ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe
21:47:31.0436 15344 UnsignedThemes - ok
21:47:31.0441 15344 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:47:31.0442 15344 upnphost - ok
21:47:31.0445 15344 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:47:31.0445 15344 USBAAPL64 - ok
21:47:31.0448 15344 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:47:31.0448 15344 usbaudio - ok
21:47:31.0451 15344 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:47:31.0451 15344 usbccgp - ok
21:47:31.0454 15344 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:47:31.0454 15344 usbcir - ok
21:47:31.0456 15344 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:47:31.0457 15344 usbehci - ok
21:47:31.0461 15344 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:47:31.0462 15344 usbhub - ok
21:47:31.0464 15344 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:47:31.0465 15344 usbohci - ok
21:47:31.0467 15344 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:47:31.0467 15344 usbprint - ok
21:47:31.0469 15344 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:47:31.0470 15344 USBSTOR - ok
21:47:31.0472 15344 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:47:31.0472 15344 usbuhci - ok
21:47:31.0489 15344 [ 79A9850AEDCE95C1218C8FDB19E7F8CC ] uvnc_service C:\Program Files\UltraVNC\WinVNC.exe
21:47:31.0496 15344 uvnc_service - ok
21:47:31.0498 15344 [ 297EE9C666FC8BB96A232DB0DDBA1E49 ] uxpatch C:\Windows\system32\drivers\uxpatch.sys
21:47:31.0498 15344 uxpatch - ok
21:47:31.0500 15344 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:47:31.0502 15344 UxSms - ok
21:47:31.0503 15344 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:47:31.0504 15344 VaultSvc - ok
21:47:31.0506 15344 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:47:31.0506 15344 vdrvroot - ok
21:47:31.0512 15344 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:47:31.0515 15344 vds - ok
21:47:31.0517 15344 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:47:31.0517 15344 vga - ok
21:47:31.0519 15344 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:47:31.0520 15344 VgaSave - ok
21:47:31.0521 15344 VGPU - ok
21:47:31.0855 15344 ================ Scan global ===============================
21:47:31.0857 15344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:47:31.0860 15344 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:47:31.0864 15344 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:47:31.0867 15344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:47:31.0872 15344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:47:31.0874 15344 [Global] - ok
21:47:31.0874 15344 ================ Scan MBR ==================================
21:47:31.0875 15344 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:47:31.0928 15344 \Device\Harddisk0\DR0 - ok
21:47:31.0929 15344 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:47:31.0935 15344 \Device\Harddisk1\DR1 - ok
21:47:31.0935 15344 ================ Scan VBR ==================================
21:47:31.0936 15344 [ C8A3924FD59FCFDD047EA2222A9BB0F8 ] \Device\Harddisk0\DR0\Partition1
21:47:31.0937 15344 \Device\Harddisk0\DR0\Partition1 - ok
21:47:31.0938 15344 [ EA0D094C5E13453383C86151C1C12FD4 ] \Device\Harddisk0\DR0\Partition2
21:47:31.0939 15344 \Device\Harddisk0\DR0\Partition2 - ok
21:47:31.0940 15344 [ F738471AE7D0F6B1067019E8403FED28 ] \Device\Harddisk1\DR1\Partition1
21:47:31.0945 15344 \Device\Harddisk1\DR1\Partition1 - ok
21:47:31.0945 15344 ============================================================
21:47:31.0945 15344 Scan finished
21:47:31.0945 15344 ============================================================
21:47:31.0948 9360 Detected object count: 0
21:47:31.0948 9360 Actual detected object count: 0


aswMBR
-------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 22:12:50
-----------------------------
22:12:50.386 OS Version: Windows x64 6.1.7601 Service Pack 1
22:12:50.386 Number of processors: 8 586 0x1A05
22:12:50.386 ComputerName: SHARON UserName: Albert
22:12:50.661 Initialize success
22:12:55.417 AVAST engine defs: 12101501
22:12:57.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:12:57.460 Disk 0 Vendor: INTEL_SS 2CV1 Size: 76319MB BusType: 8
22:12:57.461 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
22:12:57.462 Disk 1 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
22:12:57.485 Disk 0 MBR read successfully
22:12:57.487 Disk 0 MBR scan
22:12:57.489 Disk 0 Windows 7 default MBR code
22:12:57.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:12:57.523 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
22:12:57.590 Disk 0 scanning C:\Windows\system32\drivers
22:13:22.365 Service scanning
22:13:32.779 Modules scanning
22:13:32.783 Disk 0 trace - called modules:
22:13:32.800 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys iaStorV.sys hal.dll
22:13:32.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077ab790]
22:13:32.805 3 CLASSPNP.SYS[fffff880021c243f] -> nt!IofCallDriver -> [0xfffffa80076a0b30]
22:13:32.807 5 vsflt61.sys[fffff88000e120fd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800646c050]
22:13:33.649 AVAST engine scan C:\Windows
22:13:42.897 AVAST engine scan C:\Windows\system32
22:21:38.758 AVAST engine scan C:\Windows\system32\drivers
22:22:04.949 AVAST engine scan C:\Users\Albert
22:27:40.981 Disk 0 MBR has been saved successfully to "C:\Users\Albert\Desktop\bleeping2\MBR.dat"
22:27:40.983 The log file has been saved successfully to "C:\Users\Albert\Desktop\bleeping2\aswMBR.txt"

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 16 October 2012 - 12:48 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 TaylorMonkey

Posted 16 October 2012 - 08:50 AM

Computer seems to be running okay

ComboFix log
---------------------
ComboFix 12-10-16.02 - Albert 10/15/2012 23:01:32.12.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.2515 [GMT -7:00]
Running from: c:\users\Albert\Desktop\ComboFix.exe
Command switches used :: c:\users\Albert\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Albert\AppData\Local\Temp\sfamcc00001.dll
c:\users\Albert\AppData\Local\Temp\sfareca00001.dll
c:\windows\SysWow64\msstdfmt.dll
c:\windows\TEMP\~731F.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 06:05 . 2012-10-16 06:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-16 06:05 . 2012-10-16 06:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-16 06:05 . 2012-10-16 06:05 -------- d-----w- c:\users\Mcx1-SHARON\AppData\Local\temp
2012-10-16 06:05 . 2012-10-16 06:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 06:31 . 2012-10-14 07:03 -------- d-----w- c:\users\Albert\AppData\Local\ArmA 2 OA
2012-10-14 06:30 . 2012-10-14 06:40 -------- d-----w- c:\users\Albert\AppData\Local\DayZCommander
2012-10-13 07:56 . 2012-10-13 07:56 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2012-10-12 18:28 . 2012-10-12 18:28 -------- d-----w- c:\windows\rescache
2012-10-06 04:46 . 2012-10-06 04:46 -------- d-----w- C:\temp
2012-10-04 05:18 . 2012-10-04 05:18 -------- d-----w- c:\program files (x86)\Audacity
2012-09-29 09:11 . 2012-09-29 09:12 -------- d-----w- c:\programdata\MediaBrowser - Copy
2012-09-28 10:07 . 2010-11-20 13:26 381440 ----a-w- c:\windows\system32\mfds.dll.bak
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-09-30 1263200]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-02-20 211040]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-02-20 142944]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121013.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-02-20 3450832]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-31 12:05]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 04:13]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 04:13]
.
.
--------- X64 Entries -----------
.
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{219A23FE-376B-483E-9903-38E3F4EA38C9}: NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{FBB473DD-4346-476E-A800-AB6CF6AD9E0D}: NameServer = 172.26.38.1,172.26.38.2
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
.
**************************************************************************
.
Completion time: 2012-10-15 23:58:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 06:58
ComboFix2.txt 2012-10-14 06:24
ComboFix3.txt 2012-06-18 09:56
ComboFix4.txt 2012-06-18 09:11
ComboFix5.txt 2012-10-16 06:00
.
Pre-Run: 4,805,791,744 bytes free
Post-Run: 6,729,572,352 bytes free
.
- - End Of File - - B11E4E49B628887D45A62E34271C202A

#10 gringo_pr

Posted 16 October 2012 - 12:59 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 TaylorMonkey

Posted 16 October 2012 - 09:21 PM

Computer seems fine so far.


MBAM log
--------------
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16443
Albert :: SHARON [administrator]

10/16/2012 7:08:41 PM
mbam-log-2012-10-16 (19-08-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251299
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HijackThis log
-----------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:18:32 PM, on 10/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
D:\Program Files (x86)\EVEMon\EVEMon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Users\Albert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Albert\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [EVEMon] "D:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Albert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-21-2965207904-3687551737-26708310-1014\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2965207904-3687551737-26708310-1014\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: myPhoneDesktop.lnk = C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=928
O17 - HKLM\System\CCS\Services\Tcpip\..\{219A23FE-376B-483E-9903-38E3F4EA38C9}: NameServer = 75.75.75.75,75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBB473DD-4346-476E-A800-AB6CF6AD9E0D}: NameServer = 172.26.38.1,172.26.38.2
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15291 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:51 PM

Posted 16 October 2012 - 09:42 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
      O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
      O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
      O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Albert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKUS\S-1-5-21-2965207904-3687551737-26708310-1014\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-2965207904-3687551737-26708310-1014\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: Dropbox.lnk = Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: myPhoneDesktop.lnk = C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
      O4 - Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 18 October 2012 - 11:21 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 gringo_pr

Posted 22 October 2012 - 12:10 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr

Posted 26 October 2012 - 11:08 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.