Svchost trojan.agent


  • This topic is locked
13 replies to this topic

#1 raviss


Posted 11 November 2012 - 10:26 AM

I ran MBAM and it says it found a rootkit and Trojan and it has deleted it. After I reboot, it comes back. On reboot MBAM gives a message that it is blocking something. I run MBAM and it is still there. The only symptom I have is that the computer is slow and I see constant activity on the HD.

MBAM Log

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.11.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ravi :: ACCOUNTSVOSTRO [administrator]

Protection: Enabled

11/11/2012 7:13:11 AM
mbam-log-2012-11-11 (07-13-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212572
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4240 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\ravi\AppData\Local\Temp\3A56.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

DDS

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
Run by ravi at 10:14:24 on 2012-11-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4046 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Symantec\pcAnywhere\AWHPROBE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Quicken\qw.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.my.yahoo.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A46790A4-E239-4436-9CE0-995D03E159B5} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: PCANotify - PCANotify.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ravi\AppData\Roaming\Mozilla\Firefox\Profiles\gzh4c3v7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-2-3 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-2-3 15920]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-5-7 101688]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-1 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-1 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121109.001\IDSviA64.sys [2012-11-9 513184]
R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-23 505720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-1 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-1 405624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-4-20 21992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-11 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-11 676936]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-9-24 341312]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-9-24 68928]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-10 138912]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-2-11 327704]
R3 LVUVC64;QuickCam Communicate Deluxe(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-11 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-22 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
.
=============== Created Last 30 ================
.
2012-11-11 14:26:56 20480 ----a-w- C:\Windows\svchost.exe
2012-11-11 14:13:06 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock
2012-11-11 13:54:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-11 13:54:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-11 13:54:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-11 13:54:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-11 13:54:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-11 13:54:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-11 13:54:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-11 12:12:23 -------- d-----w- C:\Users\ravi\AppData\Roaming\Malwarebytes
2012-11-11 12:12:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-11 12:12:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-11 12:12:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-29 22:48:31 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-29 22:48:31 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
==================== Find3M ====================
.
2012-11-05 02:27:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-05 02:27:52 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-22 20:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 10:15:16.72 ===============

Thanks



#2 nasdaq

  • Malware Response Team

Posted 11 November 2012 - 11:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 raviss

  • Topic Starter

Posted 11 November 2012 - 12:27 PM

Nasdaq,
Thank you for the quick reply. I ran TDSSKiller and the report is below. After reboot, it automatically came up with TDSSKiller, and I scanned it again. Then I ran aswMBR, but it caused a BSOD. I don't know where it stopped, so I ran it a 2nd time. It was done with drivers and services. It was scanning c:\windows\system32. I looked away for a moment and I got a BSOD.

11:38:53.0530 5372 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:38:54.0294 5372 ============================================================
11:38:54.0294 5372 Current date / time: 2012/11/11 11:38:54.0294
11:38:54.0294 5372 SystemInfo:
11:38:54.0294 5372
11:38:54.0294 5372 OS Version: 6.1.7601 ServicePack: 1.0
11:38:54.0294 5372 Product type: Workstation
11:38:54.0294 5372 ComputerName: ACCOUNTSVOSTRO
11:38:54.0294 5372 UserName: ravi
11:38:54.0294 5372 Windows directory: C:\Windows
11:38:54.0294 5372 System windows directory: C:\Windows
11:38:54.0294 5372 Running under WOW64
11:38:54.0294 5372 Processor architecture: Intel x64
11:38:54.0294 5372 Number of processors: 2
11:38:54.0294 5372 Page size: 0x1000
11:38:54.0294 5372 Boot type: Normal boot
11:38:54.0294 5372 ============================================================
11:38:55.0854 5372 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:38:55.0854 5372 Drive \Device\Harddisk0\DR0 - Size: 0x4A85B00000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:38:55.0870 5372 Drive \Device\Harddisk2\DR2 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:38:55.0870 5372 ============================================================
11:38:55.0870 5372 \Device\Harddisk1\DR1:
11:38:55.0870 5372 MBR partitions:
11:38:55.0870 5372 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:38:55.0870 5372 \Device\Harddisk0\DR0:
11:38:55.0870 5372 MBR partitions:
11:38:55.0870 5372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:38:55.0870 5372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FA800
11:38:55.0870 5372 \Device\Harddisk2\DR2:
11:38:55.0870 5372 MBR partitions:
11:38:55.0870 5372 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0xEEBFE0
11:38:55.0870 5372 ============================================================
11:38:55.0916 5372 C: <-> \Device\Harddisk0\DR0\Partition2
11:38:55.0932 5372 E: <-> \Device\Harddisk1\DR1\Partition1
11:38:55.0932 5372 ============================================================
11:38:55.0932 5372 Initialize success
11:38:55.0932 5372 ============================================================
11:38:59.0582 2764 ============================================================
11:38:59.0582 2764 Scan started
11:38:59.0582 2764 Mode: Manual;
11:38:59.0582 2764 ============================================================
11:39:00.0815 2764 ================ Scan system memory ========================
11:39:00.0815 2764 System memory - ok
11:39:00.0815 2764 ================ Scan services =============================
11:39:02.0812 2764 [ 9808626EC988C6B7C773589B3B5993A0 ] AW_HOST C:\Windows\syswow64\drivers\aw_host5.sys
11:39:02.0812 2764 AW_HOST - ok
11:39:02.0858 2764 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:39:02.0858 2764 AxInstSV - ok
11:39:02.0890 2764 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
11:39:02.0890 2764 b06bdrv - ok
11:39:02.0936 2764 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:39:02.0952 2764 b57nd60a - ok
11:39:02.0983 2764 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:39:02.0983 2764 BDESVC - ok
11:39:02.0999 2764 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:39:02.0999 2764 Beep - ok
11:39:03.0046 2764 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:39:03.0061 2764 BFE - ok
11:39:03.0217 2764 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx64.sys
11:39:03.0248 2764 BHDrvx64 - ok
11:39:03.0280 2764 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
11:39:03.0311 2764 BITS - ok
11:39:03.0326 2764 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:39:03.0326 2764 blbdrive - ok
11:39:03.0389 2764 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:39:03.0389 2764 Bonjour Service - ok
11:39:03.0404 2764 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:39:03.0404 2764 bowser - ok
11:39:03.0436 2764 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
11:39:03.0436 2764 BrFiltLo - ok
11:39:03.0451 2764 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
11:39:03.0451 2764 BrFiltUp - ok
11:39:03.0482 2764 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:39:03.0482 2764 Browser - ok
11:39:03.0514 2764 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
11:39:03.0529 2764 Brserid - ok
11:39:03.0545 2764 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:39:03.0545 2764 BrSerWdm - ok
11:39:03.0560 2764 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:39:03.0560 2764 BrUsbMdm - ok
11:39:03.0560 2764 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
11:39:03.0560 2764 BrUsbSer - ok
11:39:03.0576 2764 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
11:39:03.0576 2764 BTHMODEM - ok
11:39:03.0623 2764 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:39:03.0623 2764 bthserv - ok
11:39:03.0685 2764 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
11:39:03.0685 2764 ccSet_NIS - ok
11:39:03.0701 2764 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:39:03.0716 2764 cdfs - ok
11:39:03.0748 2764 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:39:03.0748 2764 cdrom - ok
11:39:03.0779 2764 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:39:03.0779 2764 CertPropSvc - ok
11:39:03.0779 2764 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
11:39:03.0794 2764 circlass - ok
11:39:03.0810 2764 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:39:03.0826 2764 CLFS - ok
11:39:03.0872 2764 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:39:03.0872 2764 clr_optimization_v2.0.50727_32 - ok
11:39:03.0904 2764 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:39:03.0904 2764 clr_optimization_v2.0.50727_64 - ok
11:39:03.0935 2764 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:39:03.0935 2764 clr_optimization_v4.0.30319_32 - ok
11:39:03.0950 2764 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:39:03.0950 2764 clr_optimization_v4.0.30319_64 - ok
11:39:03.0982 2764 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
11:39:03.0982 2764 CmBatt - ok
11:39:03.0997 2764 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:39:03.0997 2764 cmdide - ok
11:39:04.0028 2764 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:39:04.0044 2764 CNG - ok
11:39:04.0060 2764 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
11:39:04.0060 2764 Compbatt - ok
11:39:04.0075 2764 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:39:04.0075 2764 CompositeBus - ok
11:39:04.0075 2764 COMSysApp - ok
11:39:04.0106 2764 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
11:39:04.0122 2764 cpuz135 - ok
11:39:04.0122 2764 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:39:04.0122 2764 crcdisk - ok
11:39:04.0169 2764 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:39:04.0169 2764 CryptSvc - ok
11:39:04.0200 2764 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
11:39:04.0231 2764 CSC - ok
11:39:04.0247 2764 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
11:39:04.0278 2764 CscService - ok
11:39:04.0309 2764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:39:04.0340 2764 DcomLaunch - ok
11:39:04.0356 2764 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:39:04.0372 2764 defragsvc - ok
11:39:04.0372 2764 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:39:04.0387 2764 DfsC - ok
11:39:04.0403 2764 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:39:04.0418 2764 Dhcp - ok
11:39:04.0434 2764 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:39:04.0434 2764 discache - ok
11:39:04.0450 2764 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:39:04.0450 2764 Disk - ok
11:39:04.0481 2764 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
11:39:04.0496 2764 dmvsc - ok
11:39:04.0528 2764 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:39:04.0528 2764 Dnscache - ok
11:39:04.0559 2764 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:39:04.0574 2764 dot3svc - ok
11:39:04.0590 2764 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:39:04.0590 2764 DPS - ok
11:39:04.0637 2764 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:39:04.0637 2764 drmkaud - ok
11:39:04.0668 2764 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:39:04.0684 2764 DXGKrnl - ok
11:39:04.0715 2764 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:39:04.0715 2764 EapHost - ok
11:39:04.0777 2764 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:39:04.0855 2764 ebdrv - ok
11:39:04.0918 2764 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:39:04.0933 2764 eeCtrl - ok
11:39:04.0949 2764 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:39:04.0949 2764 EFS - ok
11:39:05.0011 2764 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:39:05.0042 2764 ehRecvr - ok
11:39:05.0042 2764 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:39:05.0058 2764 ehSched - ok
11:39:05.0074 2764 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:39:05.0089 2764 elxstor - ok
11:39:05.0136 2764 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:39:05.0136 2764 EraserUtilRebootDrv - ok
11:39:05.0152 2764 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:39:05.0152 2764 ErrDev - ok
11:39:05.0183 2764 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:39:05.0214 2764 EventSystem - ok
11:39:05.0230 2764 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:39:05.0245 2764 exfat - ok
11:39:05.0261 2764 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:39:05.0261 2764 fastfat - ok
11:39:05.0308 2764 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:39:05.0323 2764 Fax - ok
11:39:05.0339 2764 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
11:39:05.0339 2764 fdc - ok
11:39:05.0354 2764 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:39:05.0354 2764 fdPHost - ok
11:39:05.0370 2764 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:39:05.0370 2764 FDResPub - ok
11:39:05.0386 2764 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:39:05.0386 2764 FileInfo - ok
11:39:05.0401 2764 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:39:05.0401 2764 Filetrace - ok
11:39:05.0417 2764 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
11:39:05.0417 2764 flpydisk - ok
11:39:05.0432 2764 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:39:05.0448 2764 FltMgr - ok
11:39:05.0479 2764 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:39:05.0510 2764 FontCache - ok
11:39:05.0573 2764 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:39:05.0573 2764 FontCache3.0.0.0 - ok
11:39:05.0588 2764 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:39:05.0588 2764 FsDepends - ok
11:39:05.0604 2764 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:39:05.0604 2764 Fs_Rec - ok
11:39:05.0635 2764 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:39:05.0635 2764 fvevol - ok
11:39:05.0651 2764 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:39:05.0651 2764 gagp30kx - ok
11:39:05.0682 2764 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:39:05.0682 2764 GEARAspiWDM - ok
11:39:05.0729 2764 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:39:05.0744 2764 gpsvc - ok
11:39:05.0822 2764 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:39:05.0822 2764 gupdate - ok
11:39:05.0838 2764 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:39:05.0838 2764 gupdatem - ok
11:39:05.0869 2764 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:39:05.0869 2764 gusvc - ok
11:39:05.0885 2764 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:39:05.0885 2764 hcw85cir - ok
11:39:05.0916 2764 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:39:05.0932 2764 HdAudAddService - ok
11:39:05.0963 2764 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:39:05.0963 2764 HDAudBus - ok
11:39:05.0978 2764 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:39:05.0978 2764 HidBatt - ok
11:39:05.0994 2764 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:39:05.0994 2764 HidBth - ok
11:39:06.0025 2764 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:39:06.0025 2764 HidIr - ok
11:39:06.0041 2764 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:39:06.0041 2764 hidserv - ok
11:39:06.0072 2764 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:39:06.0072 2764 HidUsb - ok
11:39:06.0088 2764 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:39:06.0088 2764 hkmsvc - ok
11:39:06.0103 2764 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:39:06.0103 2764 HomeGroupListener - ok
11:39:06.0119 2764 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:39:06.0134 2764 HomeGroupProvider - ok
11:39:06.0150 2764 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:39:06.0166 2764 HpSAMD - ok
11:39:06.0197 2764 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:39:06.0212 2764 HTTP - ok
11:39:06.0228 2764 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:39:06.0228 2764 hwpolicy - ok
11:39:06.0244 2764 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:39:06.0244 2764 i8042prt - ok
11:39:06.0275 2764 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:39:06.0275 2764 iaStorV - ok
11:39:06.0322 2764 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:39:06.0368 2764 idsvc - ok
11:39:06.0446 2764 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121109.001\IDSvia64.sys
11:39:06.0446 2764 IDSVia64 - ok
11:39:06.0478 2764 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:39:06.0478 2764 iirsp - ok
11:39:06.0524 2764 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:39:06.0571 2764 IKEEXT - ok
11:39:06.0602 2764 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:39:06.0602 2764 intelide - ok
11:39:06.0618 2764 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:39:06.0618 2764 intelppm - ok
11:39:06.0680 2764 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
11:39:06.0680 2764 IntuitUpdateServiceV4 - ok
11:39:06.0696 2764 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:39:06.0712 2764 IPBusEnum - ok
11:39:06.0712 2764 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:39:06.0727 2764 IpFilterDriver - ok
11:39:06.0743 2764 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:39:06.0758 2764 iphlpsvc - ok
11:39:06.0774 2764 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:39:06.0805 2764 IPMIDRV - ok
11:39:06.0821 2764 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:39:06.0821 2764 IPNAT - ok
11:39:06.0868 2764 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:39:06.0899 2764 iPod Service - ok
11:39:06.0914 2764 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:39:06.0914 2764 IRENUM - ok
11:39:06.0930 2764 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:39:06.0930 2764 isapnp - ok
11:39:06.0946 2764 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:39:06.0946 2764 iScsiPrt - ok
11:39:06.0961 2764 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:39:06.0961 2764 kbdclass - ok
11:39:06.0977 2764 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:39:06.0977 2764 kbdhid - ok
11:39:06.0992 2764 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:39:06.0992 2764 KeyIso - ok
11:39:07.0008 2764 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:39:07.0008 2764 KSecDD - ok
11:39:07.0024 2764 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:39:07.0024 2764 KSecPkg - ok
11:39:07.0055 2764 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:39:07.0055 2764 ksthunk - ok
11:39:07.0086 2764 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:39:07.0086 2764 KtmRm - ok
11:39:07.0117 2764 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:39:07.0117 2764 LanmanServer - ok
11:39:07.0180 2764 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:39:07.0226 2764 LanmanWorkstation - ok
11:39:07.0492 2764 [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE
11:39:07.0538 2764 LiveUpdate - ok
11:39:07.0570 2764 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:39:07.0570 2764 lltdio - ok
11:39:07.0585 2764 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:39:07.0601 2764 lltdsvc - ok
11:39:07.0632 2764 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:39:07.0632 2764 lmhosts - ok
11:39:07.0648 2764 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:39:07.0679 2764 LSI_FC - ok
11:39:07.0710 2764 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:39:07.0710 2764 LSI_SAS - ok
11:39:07.0726 2764 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:39:07.0726 2764 LSI_SAS2 - ok
11:39:07.0741 2764 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:39:07.0741 2764 LSI_SCSI - ok
11:39:07.0757 2764 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:39:07.0757 2764 luafv - ok
11:39:07.0788 2764 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:39:07.0788 2764 LVPr2M64 - ok
11:39:07.0788 2764 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:39:07.0804 2764 LVPr2Mon - ok
11:39:07.0850 2764 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
11:39:07.0850 2764 LVPrcS64 - ok
11:39:07.0928 2764 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
11:39:07.0944 2764 LVRS64 - ok
11:39:08.0084 2764 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
11:39:08.0209 2764 LVUVC64 - ok
11:39:08.0256 2764 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:39:08.0256 2764 MBAMProtector - ok
11:39:08.0303 2764 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:39:08.0318 2764 MBAMScheduler - ok
11:39:08.0334 2764 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:39:08.0350 2764 MBAMService - ok
11:39:08.0365 2764 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:39:08.0381 2764 Mcx2Svc - ok
11:39:08.0412 2764 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:39:08.0412 2764 megasas - ok
11:39:08.0428 2764 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:39:08.0443 2764 MegaSR - ok
11:39:08.0459 2764 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:39:08.0459 2764 MMCSS - ok
11:39:08.0474 2764 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:39:08.0490 2764 Modem - ok
11:39:08.0521 2764 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:39:08.0521 2764 monitor - ok
11:39:08.0552 2764 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:39:08.0552 2764 mouclass - ok
11:39:08.0568 2764 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:39:08.0568 2764 mouhid - ok
11:39:08.0584 2764 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:39:08.0584 2764 mountmgr - ok
11:39:08.0615 2764 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:39:08.0630 2764 MozillaMaintenance - ok
11:39:08.0677 2764 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:39:08.0677 2764 mpio - ok
11:39:08.0708 2764 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:39:08.0708 2764 mpsdrv - ok
11:39:08.0740 2764 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:39:08.0771 2764 MpsSvc - ok
11:39:08.0833 2764 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:39:08.0833 2764 MRxDAV - ok
11:39:08.0849 2764 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:39:08.0849 2764 mrxsmb - ok
11:39:08.0880 2764 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:39:08.0880 2764 mrxsmb10 - ok
11:39:08.0911 2764 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:39:08.0911 2764 mrxsmb20 - ok
11:39:08.0942 2764 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:39:08.0942 2764 msahci - ok
11:39:08.0958 2764 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:39:08.0958 2764 msdsm - ok
11:39:08.0974 2764 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:39:08.0989 2764 MSDTC - ok
11:39:09.0005 2764 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:39:09.0005 2764 Msfs - ok
11:39:09.0005 2764 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:39:09.0020 2764 mshidkmdf - ok
11:39:09.0020 2764 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:39:09.0020 2764 msisadrv - ok
11:39:09.0067 2764 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:39:09.0067 2764 MSiSCSI - ok
11:39:09.0083 2764 msiserver - ok
11:39:09.0098 2764 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:39:09.0098 2764 MSKSSRV - ok
11:39:09.0114 2764 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:39:09.0114 2764 MSPCLOCK - ok
11:39:09.0114 2764 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:39:09.0114 2764 MSPQM - ok
11:39:09.0145 2764 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:39:09.0161 2764 MsRPC - ok
11:39:09.0176 2764 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:39:09.0176 2764 mssmbios - ok
11:39:09.0192 2764 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:39:09.0192 2764 MSTEE - ok
11:39:09.0208 2764 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:39:09.0208 2764 MTConfig - ok
11:39:09.0223 2764 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:39:09.0223 2764 Mup - ok
11:39:09.0254 2764 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:39:09.0270 2764 napagent - ok
11:39:09.0301 2764 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:39:09.0301 2764 NativeWifiP - ok
11:39:09.0364 2764 [ 7F79DA9E719D0774BDBC3622ABD3AFD9 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
11:39:09.0364 2764 NAUpdate - ok
11:39:09.0442 2764 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121110.006\ENG64.SYS
11:39:09.0442 2764 NAVENG - ok
11:39:09.0488 2764 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121110.006\EX64.SYS
11:39:09.0504 2764 NAVEX15 - ok
11:39:09.0520 2764 [ 7B2D90BBBBED11C8DFBA441D34AE901E ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
11:39:09.0520 2764 NBVol - ok
11:39:09.0520 2764 [ 4FE7B5757279D82C4D171E9F7FD52A75 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
11:39:09.0535 2764 NBVolUp - ok
11:39:09.0551 2764 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:39:09.0582 2764 NDIS - ok
11:39:09.0598 2764 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:39:09.0598 2764 NdisCap - ok
11:39:09.0629 2764 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:39:09.0629 2764 NdisTapi - ok
11:39:09.0644 2764 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:39:09.0644 2764 Ndisuio - ok
11:39:09.0660 2764 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:39:09.0660 2764 NdisWan - ok
11:39:09.0722 2764 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:39:09.0738 2764 NDProxy - ok
11:39:09.0738 2764 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:39:09.0738 2764 NetBIOS - ok
11:39:09.0769 2764 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:39:09.0785 2764 NetBT - ok
11:39:09.0800 2764 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:39:09.0800 2764 Netlogon - ok
11:39:09.0847 2764 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:39:09.0863 2764 Netman - ok
11:39:09.0894 2764 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:09.0894 2764 NetMsmqActivator - ok
11:39:09.0910 2764 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:09.0910 2764 NetPipeActivator - ok
11:39:09.0941 2764 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:39:09.0956 2764 netprofm - ok
11:39:09.0956 2764 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:09.0956 2764 NetTcpActivator - ok
11:39:09.0972 2764 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:39:09.0972 2764 NetTcpPortSharing - ok
11:39:09.0988 2764 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:39:09.0988 2764 nfrd960 - ok
11:39:10.0066 2764 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
11:39:10.0066 2764 NIS - ok
11:39:18.0053 2764 ================ Scan global ===============================
11:39:18.0084 2764 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:39:18.0100 2764 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:39:18.0115 2764 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:39:18.0146 2764 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:39:18.0178 2764 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:39:18.0193 2764 [Global] - ok
11:39:18.0193 2764 ================ Scan MBR ==================================
11:39:18.0193 2764 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
11:39:18.0193 2764 \Device\Harddisk1\DR1 - ok
11:39:18.0209 2764 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:39:18.0209 2764 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:39:18.0240 2764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:39:18.0240 2764 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:39:18.0256 2764 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk2\DR2
11:39:18.0614 2764 \Device\Harddisk2\DR2 - ok
11:39:18.0614 2764 ================ Scan VBR ==================================
11:39:18.0614 2764 [ 1662BC84B7DF11038FA2107C67BC3BCB ] \Device\Harddisk1\DR1\Partition1
11:39:18.0614 2764 \Device\Harddisk1\DR1\Partition1 - ok
11:39:18.0614 2764 [ D27B35990CA42BCC20472018D2D98AEF ] \Device\Harddisk0\DR0\Partition1
11:39:18.0630 2764 \Device\Harddisk0\DR0\Partition1 - ok
11:39:18.0646 2764 [ 2184BF201C94CA0F8BFFD8C1CFC5FBC6 ] \Device\Harddisk0\DR0\Partition2
11:39:18.0646 2764 \Device\Harddisk0\DR0\Partition2 - ok
11:39:18.0646 2764 [ 893BE2AD9A822AF227F0A2036EFC27F3 ] \Device\Harddisk2\DR2\Partition1
11:39:18.0646 2764 \Device\Harddisk2\DR2\Partition1 - ok
11:39:18.0646 2764 ============================================================
11:39:18.0646 2764 Scan finished
11:39:18.0646 2764 ============================================================
11:39:18.0661 5516 Detected object count: 1
11:39:18.0661 5516 Actual detected object count: 1
11:40:02.0341 5516 \Device\Harddisk0\DR0\# - copied to quarantine
11:40:02.0341 5516 \Device\Harddisk0\DR0 - copied to quarantine
11:40:02.0404 5516 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:40:02.0404 5516 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:40:02.0435 5516 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:40:02.0435 5516 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:40:02.0451 5516 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:40:02.0451 5516 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:40:02.0466 5516 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:40:02.0466 5516 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:40:02.0482 5516 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:40:02.0497 5516 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:40:02.0497 5516 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:40:02.0513 5516 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:40:02.0529 5516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:40:02.0575 5516 \Device\Harddisk0\DR0 - ok
11:40:02.0575 5516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:41:17.0745 6136 Deinitialize success

Ran a 2nd time
11:44:25.0108 0940 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:44:25.0529 0940 ============================================================
11:44:25.0529 0940 Current date / time: 2012/11/11 11:44:25.0529
11:44:25.0529 0940 SystemInfo:
11:44:25.0529 0940
11:44:25.0529 0940 OS Version: 6.1.7601 ServicePack: 1.0
11:44:25.0529 0940 Product type: Workstation
11:44:25.0529 0940 ComputerName: ACCOUNTSVOSTRO
11:44:25.0529 0940 UserName: ravi
11:44:25.0529 0940 Windows directory: C:\Windows
11:44:25.0529 0940 System windows directory: C:\Windows
11:44:25.0529 0940 Running under WOW64
11:44:25.0529 0940 Processor architecture: Intel x64
11:44:25.0529 0940 Number of processors: 2
11:44:25.0529 0940 Page size: 0x1000
11:44:25.0529 0940 Boot type: Normal boot
11:44:25.0529 0940 ============================================================
11:44:27.0542 0940 BG loaded
11:44:28.0010 0940 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:28.0041 0940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85B00000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:28.0056 0940 Drive \Device\Harddisk2\DR2 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:44:28.0056 0940 ============================================================
11:44:28.0056 0940 \Device\Harddisk1\DR1:
11:44:28.0056 0940 MBR partitions:
11:44:28.0056 0940 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:44:28.0056 0940 \Device\Harddisk0\DR0:
11:44:28.0056 0940 MBR partitions:
11:44:28.0056 0940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:44:28.0056 0940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FA800
11:44:28.0056 0940 \Device\Harddisk2\DR2:
11:44:28.0056 0940 MBR partitions:
11:44:28.0056 0940 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0xEEBFE0
11:44:28.0056 0940 ============================================================
11:44:28.0103 0940 C: <-> \Device\Harddisk0\DR0\Partition2
11:44:28.0119 0940 E: <-> \Device\Harddisk1\DR1\Partition1
11:44:28.0119 0940 ============================================================
11:44:28.0119 0940 Initialize success
11:44:28.0119 0940 ============================================================
11:44:50.0155 3572 ============================================================
11:44:50.0155 3572 Scan started
11:44:50.0155 3572 Mode: Manual;
11:44:50.0155 3572 ============================================================
11:44:53.0177 3572 ================ Scan system memory ========================
11:44:53.0177 3572 System memory - ok
11:44:53.0177 3572 ================ Scan services =============================
11:44:53.0557 3572 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:44:53.0607 3572 1394ohci - ok
11:44:53.0687 3572 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:44:53.0687 3572 ACPI - ok
11:44:53.0737 3572 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:44:53.0737 3572 AcpiPmi - ok
11:44:54.0127 3572 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:44:54.0127 3572 AdobeARMservice - ok
11:44:54.0527 3572 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:44:54.0527 3572 AdobeFlashPlayerUpdateSvc - ok
11:44:54.0627 3572 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:44:54.0637 3572 adp94xx - ok
11:44:54.0757 3572 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:44:54.0757 3572 adpahci - ok
11:44:54.0847 3572 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:44:54.0847 3572 adpu320 - ok
11:44:54.0987 3572 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:44:54.0987 3572 AeLookupSvc - ok
11:44:55.0047 3572 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:44:55.0047 3572 AFD - ok
11:44:55.0107 3572 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:44:55.0107 3572 agp440 - ok
11:44:55.0217 3572 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:44:55.0217 3572 ALG - ok
11:44:55.0347 3572 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:44:55.0347 3572 aliide - ok
11:44:55.0447 3572 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:44:55.0457 3572 AMD External Events Utility - ok
11:44:55.0517 3572 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:44:55.0517 3572 amdide - ok
11:44:55.0617 3572 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:44:55.0617 3572 AmdK8 - ok
11:44:55.0977 3572 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:44:56.0007 3572 amdkmdag - ok
11:44:56.0067 3572 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:44:56.0067 3572 amdkmdap - ok
11:44:56.0207 3572 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
11:44:56.0207 3572 AmdPPM - ok
11:44:56.0280 3572 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:44:56.0280 3572 amdsata - ok
11:44:56.0358 3572 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
11:44:56.0358 3572 amdsbs - ok
11:44:56.0436 3572 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:44:56.0436 3572 amdxata - ok
11:44:56.0498 3572 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:44:56.0498 3572 AppID - ok
11:44:56.0576 3572 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:44:56.0576 3572 AppIDSvc - ok
11:44:56.0654 3572 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:44:56.0654 3572 Appinfo - ok
11:44:56.0919 3572 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:44:56.0935 3572 Apple Mobile Device - ok
11:44:57.0185 3572 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
11:44:57.0185 3572 AppMgmt - ok
11:44:57.0263 3572 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
11:44:57.0263 3572 arc - ok
11:44:57.0309 3572 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:44:57.0309 3572 arcsas - ok
11:44:57.0653 3572 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:44:58.0027 3572 aspnet_state - ok
11:44:58.0245 3572 [ 642D4F5F260833852A1FD95D54DBCADE ] astcc C:\Windows\SysWOW64\ASTSRV.EXE
11:44:58.0245 3572 astcc - ok
11:44:58.0339 3572 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:44:58.0339 3572 AsyncMac - ok
11:44:58.0464 3572 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:44:58.0464 3572 atapi - ok
11:44:59.0415 3572 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:44:59.0415 3572 AudioEndpointBuilder - ok
11:44:59.0540 3572 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:44:59.0540 3572 AudioSrv - ok
11:44:59.0899 3572 [ F7D109AFB1DF146E2CA2304C7E1DCB16 ] awecho C:\Windows\syswow64\drivers\awechomd.sys
11:44:59.0899 3572 awecho - ok
11:45:00.0102 3572 [ 64AE9C807B93BA08D63118D01D6FDF2F ] awhost32 C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe
11:45:00.0102 3572 awhost32 - ok
11:45:00.0133 3572 [ 9808626EC988C6B7C773589B3B5993A0 ] AW_HOST C:\Windows\syswow64\drivers\aw_host5.sys
11:45:00.0133 3572 AW_HOST - ok
11:45:00.0258 3572 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:45:00.0258 3572 AxInstSV - ok
11:45:00.0461 3572 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
11:45:00.0523 3572 b06bdrv - ok
11:45:00.0695 3572 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:45:00.0835 3572 b57nd60a - ok
11:45:01.0022 3572 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:45:01.0022 3572 BDESVC - ok
11:45:01.0100 3572 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:45:01.0100 3572 Beep - ok
11:45:01.0272 3572 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:45:01.0272 3572 BFE - ok
11:45:02.0442 3572 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx64.sys
11:45:02.0457 3572 BHDrvx64 - ok
11:45:02.0847 3572 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
11:45:02.0879 3572 BITS - ok
11:45:02.0925 3572 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:45:02.0925 3572 blbdrive - ok
11:45:03.0253 3572 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:45:03.0253 3572 Bonjour Service - ok
11:45:03.0300 3572 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:45:03.0300 3572 bowser - ok
11:45:03.0378 3572 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
11:45:03.0409 3572 BrFiltLo - ok
11:45:03.0456 3572 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
11:45:03.0534 3572 BrFiltUp - ok
11:45:03.0721 3572 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:45:03.0721 3572 Browser - ok
11:45:04.0064 3572 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
11:45:04.0064 3572 Brserid - ok
11:45:04.0127 3572 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:45:04.0127 3572 BrSerWdm - ok
11:45:04.0205 3572 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:45:04.0251 3572 BrUsbMdm - ok
11:45:04.0314 3572 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
11:45:04.0314 3572 BrUsbSer - ok
11:45:04.0423 3572 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
11:45:04.0470 3572 BTHMODEM - ok
11:45:04.0579 3572 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:45:04.0579 3572 bthserv - ok
11:45:04.0938 3572 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
11:45:04.0938 3572 ccSet_NIS - ok
11:45:05.0390 3572 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:45:05.0390 3572 cdfs - ok
11:45:05.0874 3572 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:45:05.0874 3572 cdrom - ok
11:45:06.0014 3572 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:45:06.0014 3572 CertPropSvc - ok
11:45:06.0030 3572 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
11:45:06.0045 3572 circlass - ok
11:45:06.0092 3572 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:45:06.0092 3572 CLFS - ok
11:45:06.0389 3572 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:45:06.0404 3572 clr_optimization_v2.0.50727_32 - ok
11:45:06.0779 3572 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:45:07.0309 3572 clr_optimization_v2.0.50727_64 - ok
11:45:07.0543 3572 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:45:08.0120 3572 clr_optimization_v4.0.30319_32 - ok
11:45:08.0198 3572 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:45:08.0760 3572 clr_optimization_v4.0.30319_64 - ok
11:45:08.0869 3572 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
11:45:08.0869 3572 CmBatt - ok
11:45:09.0025 3572 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:45:09.0087 3572 cmdide - ok
11:45:09.0243 3572 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:45:09.0259 3572 CNG - ok
11:45:09.0477 3572 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
11:45:09.0477 3572 Compbatt - ok
11:45:09.0524 3572 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:45:09.0524 3572 CompositeBus - ok
11:45:09.0540 3572 COMSysApp - ok
11:45:09.0711 3572 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
11:45:09.0711 3572 cpuz135 - ok
11:45:09.0789 3572 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:45:09.0821 3572 crcdisk - ok
11:45:10.0008 3572 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:45:10.0008 3572 CryptSvc - ok
11:45:10.0289 3572 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
11:45:10.0289 3572 CSC - ok
11:45:10.0585 3572 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
11:45:10.0585 3572 CscService - ok
11:45:10.0897 3572 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:45:10.0897 3572 DcomLaunch - ok
11:45:11.0225 3572 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:45:11.0287 3572 defragsvc - ok
11:45:11.0365 3572 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:45:11.0365 3572 DfsC - ok
11:45:11.0521 3572 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:45:11.0521 3572 Dhcp - ok
11:45:11.0724 3572 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:45:11.0724 3572 discache - ok
11:45:11.0911 3572 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:45:11.0958 3572 Disk - ok
11:45:12.0301 3572 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
11:45:12.0457 3572 dmvsc - ok
11:45:12.0582 3572 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:45:12.0582 3572 Dnscache - ok
11:45:12.0691 3572 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:45:12.0722 3572 dot3svc - ok
11:45:12.0878 3572 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:45:12.0878 3572 DPS - ok
11:45:13.0065 3572 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:45:13.0299 3572 drmkaud - ok
11:45:13.0705 3572 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:45:13.0721 3572 DXGKrnl - ok
11:45:13.0814 3572 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:45:13.0877 3572 EapHost - ok
11:45:15.0234 3572 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:45:15.0374 3572 ebdrv - ok
11:45:15.0561 3572 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:45:15.0577 3572 eeCtrl - ok
11:45:15.0733 3572 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:45:15.0733 3572 EFS - ok
11:45:16.0326 3572 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:45:16.0419 3572 ehRecvr - ok
11:45:16.0544 3572 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:45:16.0575 3572 ehSched - ok
11:45:16.0794 3572 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:45:16.0825 3572 elxstor - ok
11:45:17.0075 3572 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:45:17.0075 3572 EraserUtilRebootDrv - ok
11:45:17.0168 3572 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:45:17.0168 3572 ErrDev - ok
11:45:17.0246 3572 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:45:17.0246 3572 EventSystem - ok
11:45:17.0402 3572 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:45:17.0402 3572 exfat - ok
11:45:17.0465 3572 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:45:17.0465 3572 fastfat - ok
11:45:17.0699 3572 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:45:17.0699 3572 Fax - ok
11:45:17.0745 3572 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
11:45:17.0745 3572 fdc - ok
11:45:17.0808 3572 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:45:17.0808 3572 fdPHost - ok
11:45:17.0870 3572 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:45:17.0870 3572 FDResPub - ok
11:45:17.0901 3572 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:45:17.0901 3572 FileInfo - ok
11:45:17.0933 3572 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:45:17.0933 3572 Filetrace - ok
11:45:18.0011 3572 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
11:45:18.0011 3572 flpydisk - ok
11:45:18.0073 3572 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:45:18.0073 3572 FltMgr - ok
11:45:18.0135 3572 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:45:18.0151 3572 FontCache - ok
11:45:18.0307 3572 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:45:18.0307 3572 FontCache3.0.0.0 - ok
11:45:18.0432 3572 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:45:18.0432 3572 FsDepends - ok
11:45:18.0479 3572 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:45:18.0479 3572 Fs_Rec - ok
11:45:18.0557 3572 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:45:18.0572 3572 fvevol - ok
11:45:18.0619 3572 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:45:18.0619 3572 gagp30kx - ok
11:45:18.0697 3572 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:45:18.0697 3572 GEARAspiWDM - ok
11:45:18.0775 3572 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:45:18.0775 3572 gpsvc - ok
11:45:19.0009 3572 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:45:19.0009 3572 gupdate - ok
11:45:19.0087 3572 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:45:19.0087 3572 gupdatem - ok
11:45:19.0165 3572 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:45:19.0165 3572 gusvc - ok
11:45:19.0243 3572 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:45:19.0243 3572 hcw85cir - ok
11:45:19.0415 3572 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:45:19.0415 3572 HdAudAddService - ok
11:45:19.0773 3572 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:45:19.0773 3572 HDAudBus - ok
11:45:19.0805 3572 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:45:19.0805 3572 HidBatt - ok
11:45:19.0898 3572 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:45:19.0898 3572 HidBth - ok
11:45:19.0945 3572 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:45:19.0961 3572 HidIr - ok
11:45:19.0992 3572 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:45:19.0992 3572 hidserv - ok
11:45:20.0179 3572 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:45:20.0179 3572 HidUsb - ok
11:45:20.0210 3572 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:45:20.0210 3572 hkmsvc - ok
11:45:20.0335 3572 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:45:20.0335 3572 HomeGroupListener - ok
11:45:20.0429 3572 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:45:20.0429 3572 HomeGroupProvider - ok
11:45:20.0663 3572 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:45:20.0663 3572 HpSAMD - ok
11:45:21.0131 3572 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:45:21.0131 3572 HTTP - ok
11:45:21.0193 3572 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:45:21.0193 3572 hwpolicy - ok
11:45:21.0287 3572 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:45:21.0287 3572 i8042prt - ok
11:45:21.0489 3572 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:45:21.0489 3572 iaStorV - ok
11:45:22.0051 3572 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:45:22.0113 3572 idsvc - ok
11:45:24.0329 3572 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121109.001\IDSvia64.sys
11:45:24.0329 3572 IDSVia64 - ok
11:45:24.0563 3572 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:45:24.0563 3572 iirsp - ok
11:45:24.0641 3572 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:45:24.0641 3572 IKEEXT - ok
11:45:24.0750 3572 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:45:24.0750 3572 intelide - ok
11:45:24.0843 3572 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:45:24.0843 3572 intelppm - ok
11:45:25.0296 3572 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
11:45:25.0296 3572 IntuitUpdateServiceV4 - ok
11:45:25.0358 3572 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:45:25.0358 3572 IPBusEnum - ok
11:45:25.0421 3572 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:45:25.0421 3572 IpFilterDriver - ok
11:45:25.0514 3572 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:45:25.0530 3572 iphlpsvc - ok
11:45:25.0577 3572 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:45:25.0577 3572 IPMIDRV - ok
11:45:25.0592 3572 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:45:25.0592 3572 IPNAT - ok
11:45:25.0873 3572 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:45:25.0873 3572 iPod Service - ok
11:45:26.0076 3572 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:45:26.0076 3572 IRENUM - ok
11:45:26.0294 3572 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:45:26.0294 3572 isapnp - ok
11:45:26.0310 3572 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:45:26.0325 3572 iScsiPrt - ok
11:45:26.0684 3572 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:45:26.0684 3572 kbdclass - ok
11:45:26.0996 3572 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:45:26.0996 3572 kbdhid - ok
11:45:27.0027 3572 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:45:27.0027 3572 KeyIso - ok
11:45:27.0183 3572 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:45:27.0199 3572 KSecDD - ok
11:45:27.0246 3572 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:45:27.0246 3572 KSecPkg - ok
11:45:27.0449 3572 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:45:27.0449 3572 ksthunk - ok
11:45:27.0745 3572 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:45:27.0745 3572 KtmRm - ok
11:45:28.0213 3572 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:45:28.0229 3572 LanmanServer - ok
11:45:28.0369 3572 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:45:28.0369 3572 LanmanWorkstation - ok
11:45:29.0835 3572 [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE
11:45:29.0976 3572 LiveUpdate - ok
11:45:30.0241 3572 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:45:30.0241 3572 lltdio - ok
11:45:30.0397 3572 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:45:30.0397 3572 lltdsvc - ok
11:45:30.0803 3572 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:45:30.0803 3572 lmhosts - ok
11:45:30.0912 3572 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:45:30.0927 3572 LSI_FC - ok
11:45:31.0052 3572 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:45:31.0052 3572 LSI_SAS - ok
11:45:31.0099 3572 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:45:31.0099 3572 LSI_SAS2 - ok
11:45:31.0208 3572 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:45:31.0208 3572 LSI_SCSI - ok
11:45:31.0442 3572 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:45:31.0442 3572 luafv - ok
11:45:31.0661 3572 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:45:31.0661 3572 LVPr2M64 - ok
11:45:31.0817 3572 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:45:31.0817 3572 LVPr2Mon - ok
11:45:32.0378 3572 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
11:45:32.0378 3572 LVPrcS64 - ok
11:45:32.0597 3572 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
11:45:32.0612 3572 LVRS64 - ok
11:45:33.0189 3572 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
11:45:33.0205 3572 LVUVC64 - ok
11:45:33.0595 3572 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:45:33.0595 3572 MBAMProtector - ok
11:45:34.0297 3572 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:45:34.0313 3572 MBAMScheduler - ok
11:45:35.0139 3572 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:45:35.0139 3572 MBAMService - ok
11:45:35.0295 3572 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:45:35.0763 3572 Mcx2Svc - ok
11:45:35.0919 3572 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:45:35.0951 3572 megasas - ok
11:45:36.0294 3572 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:45:36.0372 3572 MegaSR - ok
11:45:36.0684 3572 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:45:36.0684 3572 MMCSS - ok
11:45:36.0809 3572 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:45:36.0809 3572 Modem - ok
11:45:36.0871 3572 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:45:36.0871 3572 monitor - ok
11:45:36.0902 3572 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:45:36.0902 3572 mouclass - ok
11:45:36.0902 3572 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:45:36.0902 3572 mouhid - ok
11:45:36.0980 3572 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:45:36.0980 3572 mountmgr - ok
11:45:37.0121 3572 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:45:37.0136 3572 MozillaMaintenance - ok
11:45:37.0199 3572 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:45:37.0199 3572 mpio - ok
11:45:37.0245 3572 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:45:37.0245 3572 mpsdrv - ok
11:45:37.0401 3572 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:45:37.0401 3572 MpsSvc - ok
11:45:37.0479 3572 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:45:37.0479 3572 MRxDAV - ok
11:45:37.0682 3572 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:45:37.0682 3572 mrxsmb - ok
11:45:37.0823 3572 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:45:37.0823 3572 mrxsmb10 - ok
11:45:37.0854 3572 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:45:37.0854 3572 mrxsmb20 - ok
11:45:38.0103 3572 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:45:38.0103 3572 msahci - ok
11:45:38.0478 3572 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:45:38.0540 3572 msdsm - ok
11:45:38.0961 3572 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:45:39.0055 3572 MSDTC - ok
11:45:39.0195 3572 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:45:39.0195 3572 Msfs - ok
11:45:39.0258 3572 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:46:35.0832 3572 \Device\Harddisk0\DR0\Partition2 - ok
11:46:35.0832 3572 [ 893BE2AD9A822AF227F0A2036EFC27F3 ] \Device\Harddisk2\DR2\Partition1
11:46:35.0832 3572 \Device\Harddisk2\DR2\Partition1 - ok
11:46:35.0832 3572 ============================================================
11:46:35.0832 3572 Scan finished
11:46:35.0832 3572 ============================================================
11:46:35.0848 3504 Detected object count: 0
11:46:35.0848 3504 Actual detected object count: 0
11:46:44.0350 3616 Deinitialize success

#4 nasdaq

nasdaq

  • Malware Response Team

Posted 11 November 2012 - 01:59 PM

Continue with these scans.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#5 raviss

raviss
  • Topic Starter


Posted 11 November 2012 - 03:44 PM

I ran ComboFix. The report is below. Now I cannot open a text file or run any program like Security Check. I get a popup error message "illegal operation attempted on a registry key that has been marked for deletion". The title is "c:\windows\system32\rundll32.exe" or the program that I am trying to run.

ComboFix 12-11-10.01 - ravi 11/11/2012 15:14:43.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.3963 [GMT -5:00]
Running from: c:\users\ravi\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ravi\AppData\Local\Microsoft\Windows\Burn\Burn\AUTORUN.inF
c:\users\ravi\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 20:23 . 2012-11-11 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 16:40 . 2012-11-11 16:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-11 14:13 . 2012-11-11 14:13 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-11-11 13:54 . 2012-11-11 13:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-11 13:54 . 2012-11-11 13:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-11 13:54 . 2012-11-11 13:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-11 13:54 . 2012-11-11 13:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-11 13:54 . 2012-11-11 13:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-11 13:54 . 2012-11-11 13:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-11 13:54 . 2012-11-11 13:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-11 13:53 . 2012-11-11 13:54 -------- d-----w- c:\program files (x86)\QuickTime
2012-11-11 12:12 . 2012-11-11 12:12 -------- d-----w- c:\users\ravi\AppData\Roaming\Malwarebytes
2012-11-11 12:12 . 2012-11-11 12:12 -------- d-----w- c:\programdata\Malwarebytes
2012-11-11 12:12 . 2012-11-11 12:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-11 12:12 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-29 22:48 . 2012-10-24 17:50 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-29 22:48 . 2012-10-24 17:50 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-05 02:27 . 2012-04-09 00:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-05 02:27 . 2011-12-27 01:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 07:03 . 2012-01-01 15:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-22 20:34 . 2012-05-07 19:56 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-09-14 19:19 . 2012-10-10 07:06 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 07:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 07:06 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 07:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 07:06 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 07:06 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 07:06 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 07:06 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 14:16 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 14:16 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:16 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 00:29 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-16 17:13 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2011-12-18 02:14 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2011-12-18 02:14 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 07:06 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 07:06 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 07:06 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 07:06 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 07:06 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 07:06 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 07:06 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 07:06 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 07:06 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 07:06 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 07:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 07:06 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 07:06 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 07:06 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 07:06 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-08-28 2305912]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-8-28 6038904]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-8-28 1176464]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-8-28 1181584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 17:10 18744 ----a-w- c:\windows\System32\PCANotify.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-02 1255736]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121109.001\IDSvia64.sys [2012-09-06 513184]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-23 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-09-24 341312]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-10 138912]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:27]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 14:40]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 14:40]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\ravi\AppData\Roaming\Mozilla\Firefox\Profiles\gzh4c3v7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-Norton Ghost 15.0 - c:\program files (x86)\Norton Ghost\Agent\VProTray.exe
SafeBoot-45323601.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d6,47,36,76,03,bc,cd,01
.
[HKEY_USERS\S-1-5-21-3355106150-2835235960-2476616060-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASTSRV.EXE
c:\program files (x86)\Symantec\pcAnywhere\awhost32.exe
c:\program files (x86)\Symantec\pcAnywhere\AWHPROBE.EXE
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-11-11 15:32:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-11 20:32
.
Pre-Run: 246,248,923,136 bytes free
Post-Run: 246,399,815,680 bytes free
.
- - End Of File - - 271B8C1D4768159C7E742841D4504101

#6 raviss

Posted 11 November 2012 - 04:19 PM

Oops, forgot to reboot. Rebooting now. Will post the results.

#7 raviss

Posted 11 November 2012 - 04:30 PM

I ran both security check and adwcleaner. I didn't clean anything with adwcleaner

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Norton Ghost
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

ADWCLEANER

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 16:26:12
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : ravi - ACCOUNTSVOSTRO
# Boot Mode : Normal
# Running from : C:\Users\ravi\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-3355106150-2835235960-2476616060-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\ravi\AppData\Roaming\Mozilla\Firefox\Profiles\gzh4c3v7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\ravi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1111 octets] - [11/11/2012 16:26:12]

########## EOF - C:\AdwCleaner[R1].txt - [1171 octets] ##########

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:26 AM

Posted 12 November 2012 - 10:31 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart. Close it.

Any remaining issues with this computer?

#9 raviss

Posted 12 November 2012 - 11:23 AM

Nasdaq,
Thank you for your help. The computer is working fine now. The Java updater used to run every time I started and said it is up to date. I guess it meant ver 6 is up to date. I thought I was safe because I had Norton, but looks like it is not enough.
Ravi

#10 nasdaq

Posted 12 November 2012 - 11:38 AM

Glad to see that all is well.

Are you using this link to check on the latest Java version?
https://www.java.com/en/download/installed.jsp

The latest version is Java ver 7 .09.

Keep me posted.

#11 raviss

Posted 12 November 2012 - 12:01 PM

Now I updated Java from the link you provided. I have to go through the best practices on your website.

Thanks again

#12 nasdaq

Posted 12 November 2012 - 01:38 PM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#13 raviss

Posted 12 November 2012 - 01:45 PM

Can I keep using securitycheck and adwcleaner periodically to check my computer? If not, are there other software that do the same thing?

#14 nasdaq

Posted 13 November 2012 - 07:49 AM

Can I keep using securitycheck and adwcleaner

Yes, but make sure to get the latest version of the programs before using them.



