
trojan:win32/alureon.fo


  • This topic is locked
32 replies to this topic

#1 Aceofspace

Aceofspace

  • Members
  • 33 posts

Posted 11 November 2012 - 10:52 PM

Looks like I have a few issues and will try to be as accurate as possible of these events in that order or so. :blink:

OS: Win7 ultimate/
Browser: IE



I was surfing on the net and noticed the comp slowing down, so I checked & believe Windows was trying to update. Looking closer I noticed something I didn’t before: the updates have failed. They have failed since 10-22-12 and have not updated since that time. The last update was on 10/10/12.
The Windows & security updates that have failed are these.

KB2661254
KB2731771
KB2756822
KB2724197
KB2756822

I tried and couldn’t get them to install, and they will freeze up the comp and the blue screen will show its face.

I tried the MS “Fix it” under the Windows Update tab and it said it fixed the problem (repair Windows Update & repair default Windows Update location), but I still couldn’t get the updates, but this time No update Error Code came up: “80070570windowupdate_dt000”

I now checked Norton360 and nothing comes up. Also TDSSKiller (just found out I had a very old version) at some time. Most of all the events were either in normal mode or safe mode. I went back on the web & used Microsoft Safety Scanner online and ran it & it found Trojan:Win32/Alureon.fo. It cleaned some of it, but said I had to manually remove the rest. I clicked on the link to show me how to remove it manually and it wasn’t responding, and I believe the blue screen came up after some time. I ran it again and nothing showed.

Now I am running in safe mode & writing this. If I use the normal setting, after some time it will slow down, a black screen will come on, the page will load up again, and if you had clicked on a link or whatever you were doing, it will show it trying to connect and won't let you do anything else. After some time, a hard boot was needed to come back.

I haven’t had IE trying to redirect me anywhere. I have Comcast as my internet service and got this in the email from them:

XFINITY identified one or more of your computers may be infected with a bot. You might have already seen an Alert from XFINITY informing you about bot activity.
We strongly recommend you take action to remove malicious software from your computers.
We appreciate your prompt attention to this important security notice.
Sincerely,
Constant Guard from XFINITY
Follow self-guided instructions for help removing bots and malicious software:
1. Check Operating System
2. Validate or Download Security Software
3. Get Windows Malware Removal Tool
4. Add Advanced Software Protection


I had an old TDSSKiller on the comp and the new one did pick up something. I didn't cure, just skipped and got the info. Thanks for your time. I believe that is it; it's late, so I hope I got it all and it makes sense....



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 11 November 2012 - 11:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Aceofspace

Aceofspace
  • Topic Starter

  • Members
  • 33 posts

Posted 12 November 2012 - 04:22 PM

Thanks, Gringo!

Here is the info you requested:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16450
Run by Rare1 at 16:11:05 on 2012-11-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2701 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.2.3\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [NPSStartup] <no file>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20121030.002\BHDrvx86.sys [2012-11-5 995488]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121109.001\IDSvix86.sys [2012-11-9 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-7-16 299640]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-4-17 238952]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-4-7 101904]
S3 cpuz135;cpuz135;c:\program files\cpuid\pc wizard 2012\pcwiz_x32.sys [2012-4-6 24328]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-9 106656]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-4-17 36608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-4-2 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-2 1343400]
.
=============== Created Last 30 ================
.
2012-11-11 23:05:03 -------- d-----w- c:\users\rare1\appdata\roaming\Malwarebytes
2012-11-11 23:04:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 23:04:52 -------- d-----w- c:\programdata\Malwarebytes
2012-11-11 23:04:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-11-10 15:41:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:41:13 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
============= FINISH: 16:12:51.19 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2012 1:17:01 AM
System Uptime: 11/12/2012 4:05:39 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0DT029
Processor: Intel® Xeon® CPU 5130 @ 2.00GHz | Microprocessor | 1995/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 64.257 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP97: 11/12/2012 3:33:33 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Illustrator 10.0.3
Adobe Reader X (10.1.4)
Adobe SVG Viewer 3.0
AnswerWorks 5.0 English Runtime
Compatibility Pack for the 2007 Office system
Dell Resource CD
Google Toolbar for Internet Explorer
Google Update Helper
Internet Explorer (Enable DEP)
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 31
magicJack
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Pro Photo Tools
Microsoft Silverlight
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
PC Wizard 2012.2.0
PhotoME Beta-Release
Quicken 2009
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV
VLC media player 2.0.2
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 9:16:01 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/9/2012 8:29:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cb0c50, 0x8d52bb4c, 0x8d52b730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110912-88702-01.
11/9/2012 5:54:15 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).
11/9/2012 5:31:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x86ec2864, 0x8d51fb70, 0x8d51f750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110912-80122-01.
11/9/2012 4:48:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
11/5/2012 2:52:25 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/12/2012 4:09:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
11/12/2012 4:08:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/12/2012 4:08:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/12/2012 4:08:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/12/2012 4:08:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/12/2012 4:08:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/12/2012 4:08:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/12/2012 4:08:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/12/2012 4:08:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 discache eeCtrl IDSVix86 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
11/12/2012 3:49:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/12/2012 3:49:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
11/12/2012 3:49:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
11/12/2012 3:48:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2012 3:47:10 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/12/2012 3:43:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/12/2012 3:39:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2724197).
11/12/2012 3:26:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
11/12/2012 3:26:09 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2012 3:26:09 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2012 9:23:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
11/11/2012 9:23:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2012 9:23:43 AM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2012 9:22:09 AM, Error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
11/11/2012 9:15:39 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/11/2012 9:15:39 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/11/2012 9:15:39 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/11/2012 8:50:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
11/11/2012 8:28:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
11/11/2012 8:27:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
11/11/2012 8:01:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
11/11/2012 8:01:02 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2012 7:55:12 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
11/11/2012 7:53:11 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/11/2012 7:14:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x86e98864, 0xac103b70, 0xac103750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111112-100963-01.
11/11/2012 7:10:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/11/2012 10:34:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
11/11/2012 10:02:06 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
11/11/2012 10:02:06 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
11/11/2012 10:02:06 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 9:15:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
11/10/2012 9:14:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/10/2012 8:45:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82ce5c50, 0xabb7fb4c, 0xabb7f730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111012-104395-01.
11/10/2012 6:43:05 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/10/2012 6:32:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
11/10/2012 6:27:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/10/2012 5:57:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
11/10/2012 5:55:53 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 5:55:53 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 5:55:53 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 5:55:53 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 5:55:53 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 5:55:53 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 5:55:53 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
11/10/2012 5:55:53 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/10/2012 5:55:53 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/10/2012 5:55:53 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2012 5:44:02 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
11/10/2012 5:44:02 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2012 5:44:02 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2012 5:44:02 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/10/2012 5:44:02 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/10/2012 5:44:02 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/10/2012 5:44:02 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/10/2012 5:18:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/10/2012 5:18:52 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/10/2012 10:49:32 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 12 November 2012 - 04:31 PM

Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Aceofspace

Aceofspace
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:11:43 AM

Posted 12 November 2012 - 05:47 PM

AdwCleaner v2.007 - Logfile created 11/12/2012 at 17:02:32
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Rare1 - RARE1-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Rare1\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Rare1\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKLM\Software\Freeze.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.


*************************

AdwCleaner[S1].txt - [1066 octets] - [12/11/2012 17:02:32]

########## EOF - C:\AdwCleaner[S1].txt - [1126 octets] ##########

Edited by Aceofspace, 12 November 2012 - 05:49 PM.


#6 Aceofspace

Posted 12 November 2012 - 05:51 PM

RogueKiller loaded up. It ran the prescan; when that was done, I hit the Scan button. It scanned but stopped working with the message "RogueKiller Stopped working" when it was reading the MBR.

#7 gringo_pr

Posted 12 November 2012 - 07:20 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Aceofspace

Posted 12 November 2012 - 09:11 PM

I turned off Norton, but get the blue screen in normal mode. I tried it on safe mode, but even if Norton is off, combo fix still picks it up as running. I ran it a few times on normal mode. Runs smooth, then blue screen....

Edited by Aceofspace, 12 November 2012 - 09:11 PM.


#9 gringo_pr

Posted 12 November 2012 - 09:53 PM

Go ahead and run it in safe mode.


gringo

#10 Aceofspace

Posted 12 November 2012 - 10:37 PM

I did run it in safe mode. Even if Norton is off, combo fix still says it's active.

#11 gringo_pr

Posted 12 November 2012 - 11:24 PM

Even with it complaining about Norton, go ahead and run it - you should be able to OK it to get by it.


gringo

#12 Aceofspace

Posted 13 November 2012 - 11:58 AM

Ran on normal mode....


ComboFix 12-11-12.03 - Rare1 11/13/2012 11:39:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2038 [GMT -5:00]
Running from: c:\users\Rare1\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 16:46 . 2012-11-13 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 01:43 . 2012-11-13 01:43 -------- d-----w- c:\users\Rare1\AppData\Roaming\Tific
2012-11-12 22:37 . 2012-11-12 22:42 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-11 23:05 . 2012-11-11 23:05 -------- d-----w- c:\users\Rare1\AppData\Roaming\Malwarebytes
2012-11-11 23:04 . 2012-11-11 23:04 -------- d-----w- c:\programdata\Malwarebytes
2012-11-11 23:04 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 23:04 . 2012-11-11 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-10 15:41 . 2012-11-10 15:42 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-10 15:41 . 2012-04-03 03:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:41 . 2012-04-03 03:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 19:30 . 2012-04-10 20:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-09 19:30 . 2012-04-19 20:13 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-09 19:30 . 2012-04-19 20:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-08 17:27 . 2012-04-19 20:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-08 17:27 . 2012-04-10 20:46 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-08 17:27 . 2012-04-10 20:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-06 18:28 . 2012-04-10 20:46 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-31 20:25 . 2012-04-28 05:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-31 17:18 . 2012-10-09 23:12 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 16:57 . 2012-10-10 07:03 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 20:45 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 20:45 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 20:45 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 20:45 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 22:57 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-08 22:42 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:41]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdbf5b19346826.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 15:41]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 15:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ATA_____ rev.2E04 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CF44B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86cfb93c]; MOV EAX, [0x86cfbab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C7655A] -> \Device\Harddisk0\DR0[0x868BA420]
3 CLASSPNP[0x8B77D59E] -> ntkrnlpa!IofCallDriver[0x82C7655A] -> [0x86E10538]
\Driver\LSI_SAS[0x86D306A8] -> IRP_MJ_CREATE -> 0x86CF44B1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000063 -> \??\SCSI#Disk&Ven_ATA&Prod_WDC_WD1600JS-75N#6&3423271c&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3684)
c:\windows\system32\msi.dll
.
Completion time: 2012-11-13 11:51:35
ComboFix-quarantined-files.txt 2012-11-13 16:51
.
Pre-Run: 68,368,994,304 bytes free
Post-Run: 70,698,680,320 bytes free
.
- - End Of File - - 12D693F6C8382F8E0DBA33A73A7D34D3

#13 Aceofspace

Posted 13 November 2012 - 01:07 PM

As far as the comp running: when I logged back on to the internet, it asked "Would you like to make IE your default browser." It is the default browser. I just clicked on X for now. First time I got that. Not sure if that had anything to do with combofix?

It was running on normal with no problems & went to a few forums that I always go to. I left and when I came back, maybe 10 mins or so, & tried to refresh bleeping comp, it asked if I wanted to try to recover this web page. I closed off the web page as well as the modem to the internet. The same thing happened when at window after I turned everything off. Seems to happen when I leave the internet connected; if I turn it off, and back on when I want to use it, I have no problems. Right now I'm back on safe mode, not wanting to hard restart over and over if it happens again.

#14 gringo_pr

Posted 13 November 2012 - 01:13 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 Aceofspace

Posted 13 November 2012 - 01:25 PM

3:15:50.0441 3244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:15:50.0769 3244 ============================================================
13:15:50.0769 3244 Current date / time: 2012/11/13 13:15:50.0769
13:15:50.0769 3244 SystemInfo:
13:15:50.0769 3244
13:15:50.0769 3244 OS Version: 6.1.7601 ServicePack: 1.0
13:15:50.0769 3244 Product type: Workstation
13:15:50.0769 3244 ComputerName: RARE1-PC
13:15:50.0769 3244 UserName: Rare1
13:15:50.0769 3244 Windows directory: C:\Windows
13:15:50.0769 3244 System windows directory: C:\Windows
13:15:50.0769 3244 Processor architecture: Intel x86
13:15:50.0769 3244 Number of processors: 2
13:15:50.0769 3244 Page size: 0x1000
13:15:50.0769 3244 Boot type: Safe boot with network
13:15:50.0769 3244 ============================================================
13:15:51.0814 3244 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:15:51.0814 3244 ============================================================
13:15:51.0814 3244 \Device\Harddisk0\DR0:
13:15:51.0814 3244 MBR partitions:
13:15:51.0814 3244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12205B33
13:15:51.0845 3244 ============================================================
13:15:51.0892 3244 C: <-> \Device\Harddisk0\DR0\Partition1
13:15:51.0892 3244 ============================================================
13:15:51.0892 3244 Initialize success
13:15:51.0892 3244 ============================================================
13:15:54.0466 1692 ============================================================
13:15:54.0466 1692 Scan started
13:15:54.0466 1692 Mode: Manual;
13:15:54.0466 1692 ============================================================
13:15:55.0589 1692 ================ Scan system memory ========================
13:15:55.0589 1692 System memory - ok
13:15:55.0589 1692 ================ Scan services =============================
13:15:55.0917 1692 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:15:55.0917 1692 1394ohci - ok
13:15:55.0964 1692 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:15:55.0964 1692 ACPI - ok
13:15:56.0042 1692 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:15:56.0042 1692 AcpiPmi - ok
13:15:56.0213 1692 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:15:56.0229 1692 AdobeARMservice - ok
13:15:56.0291 1692 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:15:56.0291 1692 AdobeFlashPlayerUpdateSvc - ok
13:15:56.0338 1692 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:15:56.0338 1692 adp94xx - ok
13:15:56.0369 1692 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:15:56.0369 1692 adpahci - ok
13:15:56.0385 1692 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:15:56.0385 1692 adpu320 - ok
13:15:56.0400 1692 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:15:56.0416 1692 AeLookupSvc - ok
13:15:56.0510 1692 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
13:15:56.0510 1692 AFD - ok
13:15:56.0556 1692 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
13:15:56.0556 1692 agp440 - ok
13:15:56.0588 1692 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:15:56.0588 1692 aic78xx - ok
13:15:56.0619 1692 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
13:15:56.0619 1692 ALG - ok
13:15:56.0697 1692 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
13:15:56.0697 1692 aliide - ok
13:15:56.0759 1692 [ F970EA885AEFEB1B9EB97CA7F1EB226D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:15:56.0759 1692 AMD External Events Utility - ok
13:15:56.0775 1692 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:15:56.0775 1692 amdagp - ok
13:15:56.0790 1692 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
13:15:56.0790 1692 amdide - ok
13:15:56.0837 1692 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:15:56.0837 1692 AmdK8 - ok
13:15:57.0087 1692 [ AB70F110143892EB41AA46500AA5CF00 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:15:57.0305 1692 amdkmdag - ok
13:15:57.0321 1692 [ 32D68D05B871EED5572D0C2C764EA4EC ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:15:57.0321 1692 amdkmdap - ok
13:15:57.0336 1692 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:15:57.0336 1692 AmdPPM - ok
13:15:57.0399 1692 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:15:57.0399 1692 amdsata - ok
13:15:57.0414 1692 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:15:57.0414 1692 amdsbs - ok
13:15:57.0446 1692 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:15:57.0446 1692 amdxata - ok
13:15:57.0524 1692 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
13:15:57.0524 1692 AppID - ok
13:15:57.0570 1692 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:15:57.0570 1692 AppIDSvc - ok
13:15:57.0617 1692 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
13:15:57.0617 1692 Appinfo - ok
13:15:57.0664 1692 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
13:15:57.0664 1692 AppMgmt - ok
13:15:57.0695 1692 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:15:57.0695 1692 arc - ok
13:15:57.0711 1692 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:15:57.0711 1692 arcsas - ok
13:15:57.0742 1692 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:15:57.0742 1692 AsyncMac - ok
13:15:57.0820 1692 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
13:15:57.0820 1692 atapi - ok
13:15:57.0867 1692 [ 35207458C90F55C61247DE139A6A243A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
13:15:57.0867 1692 AtiHDAudioService - ok
13:15:57.0929 1692 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:15:57.0929 1692 AudioEndpointBuilder - ok
13:15:57.0945 1692 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:15:57.0945 1692 Audiosrv - ok
13:15:58.0007 1692 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:15:58.0007 1692 AxInstSV - ok
13:15:58.0038 1692 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:15:58.0054 1692 b06bdrv - ok
13:15:58.0070 1692 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:15:58.0070 1692 b57nd60x - ok
13:15:58.0132 1692 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
13:15:58.0132 1692 BDESVC - ok
13:15:58.0148 1692 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
13:15:58.0148 1692 Beep - ok
13:15:58.0226 1692 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
13:15:58.0241 1692 BFE - ok
13:15:58.0428 1692 [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx86.sys
13:15:58.0475 1692 BHDrvx86 - ok
13:15:58.0569 1692 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
13:15:58.0631 1692 BITS - ok
13:15:58.0647 1692 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:15:58.0647 1692 blbdrive - ok
13:15:58.0709 1692 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:15:58.0709 1692 bowser - ok
13:15:58.0725 1692 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:15:58.0725 1692 BrFiltLo - ok
13:15:58.0740 1692 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:15:58.0740 1692 BrFiltUp - ok
13:15:58.0772 1692 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:15:58.0772 1692 BridgeMP - ok
13:15:58.0834 1692 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
13:15:58.0834 1692 Browser - ok
13:15:58.0850 1692 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:15:58.0865 1692 Brserid - ok
13:15:58.0881 1692 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:15:58.0881 1692 BrSerWdm - ok
13:15:58.0896 1692 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:15:58.0896 1692 BrUsbMdm - ok
13:15:58.0928 1692 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:15:58.0928 1692 BrUsbSer - ok
13:15:58.0943 1692 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:15:58.0943 1692 BTHMODEM - ok
13:15:58.0990 1692 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:15:58.0990 1692 bthserv - ok
13:15:59.0099 1692 catchme - ok
13:15:59.0130 1692 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:15:59.0130 1692 cdfs - ok
13:15:59.0208 1692 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:15:59.0208 1692 cdrom - ok
13:15:59.0271 1692 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
13:15:59.0271 1692 CertPropSvc - ok
13:15:59.0286 1692 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:15:59.0286 1692 circlass - ok
13:15:59.0318 1692 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:15:59.0318 1692 CLFS - ok
13:15:59.0396 1692 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:59.0396 1692 clr_optimization_v2.0.50727_32 - ok
13:15:59.0505 1692 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:15:59.0552 1692 clr_optimization_v4.0.30319_32 - ok
13:15:59.0583 1692 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:15:59.0583 1692 CmBatt - ok
13:15:59.0598 1692 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:15:59.0598 1692 cmdide - ok
13:15:59.0661 1692 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
13:15:59.0661 1692 CNG - ok
13:15:59.0692 1692 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:15:59.0692 1692 Compbatt - ok
13:15:59.0739 1692 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:15:59.0754 1692 CompositeBus - ok
13:15:59.0754 1692 COMSysApp - ok
13:15:59.0770 1692 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:15:59.0770 1692 crcdisk - ok
13:15:59.0832 1692 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:15:59.0832 1692 CryptSvc - ok
13:15:59.0895 1692 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
13:15:59.0910 1692 CSC - ok
13:15:59.0957 1692 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
13:15:59.0973 1692 CscService - ok
13:15:59.0988 1692 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:16:00.0004 1692 DcomLaunch - ok
13:16:00.0035 1692 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:16:00.0035 1692 defragsvc - ok
13:16:00.0113 1692 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:16:00.0113 1692 DfsC - ok
13:16:00.0176 1692 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:16:00.0176 1692 Dhcp - ok
13:16:00.0191 1692 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:16:00.0191 1692 discache - ok
13:16:00.0207 1692 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:16:00.0222 1692 Disk - ok
13:16:00.0269 1692 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:16:00.0269 1692 Dnscache - ok
13:16:00.0316 1692 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
13:16:00.0332 1692 dot3svc - ok
13:16:00.0378 1692 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
13:16:00.0378 1692 DPS - ok
13:16:00.0410 1692 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:16:00.0410 1692 drmkaud - ok
13:16:00.0503 1692 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:16:00.0534 1692 DXGKrnl - ok
13:16:00.0581 1692 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:16:00.0581 1692 EapHost - ok
13:16:00.0690 1692 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:16:00.0753 1692 ebdrv - ok
13:16:00.0878 1692 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:16:00.0909 1692 eeCtrl - ok
13:16:00.0940 1692 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
13:16:00.0940 1692 EFS - ok
13:16:01.0034 1692 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:16:01.0034 1692 ehRecvr - ok
13:16:01.0065 1692 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:16:01.0065 1692 ehSched - ok
13:16:01.0112 1692 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:16:01.0112 1692 elxstor - ok
13:16:01.0190 1692 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:16:01.0190 1692 EraserUtilRebootDrv - ok
13:16:01.0221 1692 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:16:01.0221 1692 ErrDev - ok
13:16:01.0252 1692 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:16:01.0268 1692 EventSystem - ok
13:16:01.0268 1692 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:16:01.0283 1692 exfat - ok
13:16:01.0299 1692 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:16:01.0299 1692 fastfat - ok
13:16:01.0361 1692 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
13:16:01.0361 1692 Fax - ok
13:16:01.0392 1692 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:16:01.0408 1692 fdc - ok
13:16:01.0424 1692 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:16:01.0424 1692 fdPHost - ok
13:16:01.0439 1692 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:16:01.0439 1692 FDResPub - ok
13:16:01.0455 1692 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:16:01.0455 1692 FileInfo - ok
13:16:01.0470 1692 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:16:01.0470 1692 Filetrace - ok
13:16:01.0486 1692 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:16:01.0486 1692 flpydisk - ok
13:16:01.0486 1692 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:16:01.0502 1692 FltMgr - ok
13:16:01.0580 1692 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
13:16:01.0595 1692 FontCache - ok
13:16:01.0658 1692 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:16:01.0658 1692 FontCache3.0.0.0 - ok
13:16:01.0673 1692 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:16:01.0673 1692 FsDepends - ok
13:16:01.0704 1692 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
13:16:01.0704 1692 FsUsbExDisk - ok
13:16:01.0720 1692 [ A076B370DC216142E7CC6D244FC74B2D ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe
13:16:01.0736 1692 FsUsbExService - ok
13:16:01.0782 1692 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:16:01.0782 1692 Fs_Rec - ok
13:16:01.0845 1692 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:16:01.0845 1692 fvevol - ok
13:16:01.0876 1692 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:16:01.0876 1692 gagp30kx - ok
13:16:01.0907 1692 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:16:01.0907 1692 GEARAspiWDM - ok
13:16:01.0970 1692 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
13:16:01.0985 1692 gpsvc - ok
13:16:02.0094 1692 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:16:02.0110 1692 gupdate - ok
13:16:02.0141 1692 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:16:02.0141 1692 gupdatem - ok
13:16:02.0204 1692 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:16:02.0204 1692 gusvc - ok
13:16:02.0219 1692 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:16:02.0219 1692 hcw85cir - ok
13:16:02.0266 1692 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:16:02.0266 1692 HdAudAddService - ok
13:16:02.0328 1692 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:16:02.0328 1692 HDAudBus - ok
13:16:02.0344 1692 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:16:02.0344 1692 HidBatt - ok
13:16:02.0360 1692 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:16:02.0360 1692 HidBth - ok
13:16:02.0391 1692 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:16:02.0391 1692 HidIr - ok
13:16:02.0406 1692 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
13:16:02.0422 1692 hidserv - ok
13:16:02.0469 1692 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:16:02.0469 1692 HidUsb - ok
13:16:02.0516 1692 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:16:02.0531 1692 hkmsvc - ok
13:16:02.0578 1692 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:16:02.0578 1692 HomeGroupListener - ok
13:16:02.0640 1692 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:16:02.0640 1692 HomeGroupProvider - ok
13:16:02.0703 1692 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:16:02.0703 1692 HpSAMD - ok
13:16:02.0765 1692 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:16:02.0765 1692 HTTP - ok
13:16:02.0828 1692 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:16:02.0828 1692 hwpolicy - ok
13:16:02.0906 1692 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:16:02.0906 1692 i8042prt - ok
13:16:02.0952 1692 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:16:02.0968 1692 iaStorV - ok
13:16:03.0046 1692 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:16:03.0062 1692 idsvc - ok
13:16:03.0171 1692 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSvix86.sys
13:16:03.0171 1692 IDSVix86 - ok
13:16:03.0218 1692 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:16:03.0218 1692 iirsp - ok
13:16:03.0280 1692 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
13:16:03.0296 1692 IKEEXT - ok
13:16:03.0311 1692 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
13:16:03.0311 1692 intelide - ok
13:16:03.0327 1692 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:16:03.0327 1692 intelppm - ok
13:16:03.0358 1692 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:16:03.0358 1692 IPBusEnum - ok
13:16:03.0374 1692 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:16:03.0374 1692 IpFilterDriver - ok
13:16:03.0452 1692 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:16:03.0467 1692 iphlpsvc - ok
13:16:03.0514 1692 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:16:03.0514 1692 IPMIDRV - ok
13:16:03.0530 1692 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:16:03.0530 1692 IPNAT - ok
13:16:03.0545 1692 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:16:03.0561 1692 IRENUM - ok
13:16:03.0654 1692 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:16:03.0654 1692 isapnp - ok
13:16:03.0670 1692 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:16:03.0670 1692 iScsiPrt - ok
13:16:03.0701 1692 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:16:03.0701 1692 kbdclass - ok
13:16:03.0732 1692 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:16:03.0732 1692 kbdhid - ok
13:16:03.0732 1692 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
13:16:03.0748 1692 KeyIso - ok
13:16:03.0810 1692 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:16:03.0810 1692 KSecDD - ok
13:16:03.0857 1692 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:16:03.0857 1692 KSecPkg - ok
13:16:03.0888 1692 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:16:03.0904 1692 KtmRm - ok
13:16:03.0951 1692 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
13:16:03.0951 1692 LanmanServer - ok
13:16:03.0966 1692 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:16:03.0982 1692 LanmanWorkstation - ok
13:16:04.0029 1692 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:16:04.0029 1692 lltdio - ok
13:16:04.0060 1692 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:16:04.0060 1692 lltdsvc - ok
13:16:04.0091 1692 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:16:04.0091 1692 lmhosts - ok
13:16:04.0138 1692 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:16:04.0138 1692 LSI_FC - ok
13:16:04.0200 1692 [ F3CAC6A739C44CAA33D6B5CE3370B38C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:16:04.0200 1692 LSI_SAS - ok
13:16:04.0200 1692 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:16:04.0200 1692 LSI_SAS2 - ok
13:16:04.0216 1692 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:16:04.0216 1692 LSI_SCSI - ok
13:16:04.0232 1692 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:16:04.0232 1692 luafv - ok
13:16:04.0278 1692 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:16:04.0294 1692 Mcx2Svc - ok
13:16:04.0341 1692 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:16:04.0356 1692 MDM - ok
13:16:04.0372 1692 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:16:04.0372 1692 megasas - ok
13:16:04.0434 1692 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:16:04.0434 1692 MegaSR - ok
13:16:04.0481 1692 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:16:04.0481 1692 MMCSS - ok
13:16:04.0497 1692 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:16:04.0497 1692 Modem - ok
13:16:04.0528 1692 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:16:04.0528 1692 monitor - ok
13:16:04.0575 1692 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
13:16:04.0575 1692 mouclass - ok
13:16:04.0622 1692 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:16:04.0622 1692 mouhid - ok
13:16:04.0668 1692 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:16:04.0668 1692 mountmgr - ok
13:16:04.0700 1692 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
13:16:04.0700 1692 mpio - ok
13:16:04.0731 1692 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:16:04.0731 1692 mpsdrv - ok
13:16:04.0793 1692 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:16:04.0793 1692 MpsSvc - ok
13:16:04.0840 1692 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:16:04.0856 1692 MRxDAV - ok
13:16:04.0902 1692 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:16:04.0902 1692 mrxsmb - ok
13:16:04.0918 1692 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:16:04.0918 1692 mrxsmb10 - ok
13:16:04.0980 1692 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:16:04.0980 1692 mrxsmb20 - ok
13:16:05.0027 1692 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
13:16:05.0027 1692 msahci - ok
13:16:05.0090 1692 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:16:05.0090 1692 msdsm - ok
13:16:05.0105 1692 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:16:05.0105 1692 MSDTC - ok
13:16:05.0121 1692 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:16:05.0121 1692 Msfs - ok
13:16:05.0152 1692 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:16:05.0152 1692 mshidkmdf - ok
13:16:05.0168 1692 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:16:05.0168 1692 msisadrv - ok
13:16:05.0199 1692 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:16:05.0199 1692 MSiSCSI - ok
13:16:05.0214 1692 msiserver - ok
13:16:05.0230 1692 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:16:05.0230 1692 MSKSSRV - ok
13:16:05.0261 1692 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:16:05.0261 1692 MSPCLOCK - ok
13:16:05.0277 1692 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:16:05.0277 1692 MSPQM - ok
13:16:05.0292 1692 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:16:05.0292 1692 MsRPC - ok
13:16:05.0355 1692 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:16:05.0355 1692 mssmbios - ok
13:16:05.0370 1692 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:16:05.0370 1692 MSTEE - ok
13:16:05.0370 1692 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:16:05.0386 1692 MTConfig - ok
13:16:05.0433 1692 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:16:05.0433 1692 Mup - ok
13:16:05.0526 1692 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
13:16:05.0542 1692 N360 - ok
13:16:05.0589 1692 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
13:16:05.0604 1692 napagent - ok
13:16:05.0620 1692 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:16:05.0636 1692 NativeWifiP - ok
13:16:05.0745 1692 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121111.008\NAVENG.SYS
13:16:05.0745 1692 NAVENG - ok
13:16:05.0823 1692 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121111.008\NAVEX15.SYS
13:16:05.0870 1692 NAVEX15 - ok
13:16:05.0932 1692 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:16:05.0948 1692 NDIS - ok
13:16:06.0010 1692 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:16:06.0010 1692 NdisCap - ok
13:16:06.0041 1692 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:16:06.0041 1692 NdisTapi - ok
13:16:06.0104 1692 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:16:06.0104 1692 Ndisuio - ok
13:16:06.0135 1692 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:16:06.0150 1692 NdisWan - ok
13:16:06.0150 1692 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:16:06.0150 1692 NDProxy - ok
13:16:06.0182 1692 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:16:06.0197 1692 NetBIOS - ok
13:16:06.0244 1692 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:16:06.0244 1692 NetBT - ok
13:16:06.0260 1692 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
13:16:06.0260 1692 Netlogon - ok
13:16:06.0306 1692 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
13:16:06.0322 1692 Netman - ok
13:16:06.0338 1692 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
13:16:06.0353 1692 netprofm - ok
13:16:06.0400 1692 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:16:06.0400 1692 NetTcpPortSharing - ok
13:16:06.0462 1692 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:16:06.0462 1692 nfrd960 - ok
13:16:06.0540 1692 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:16:06.0540 1692 NlaSvc - ok
13:16:06.0556 1692 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:16:06.0556 1692 Npfs - ok
13:16:06.0587 1692 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
13:16:06.0587 1692 nsi - ok
13:16:06.0603 1692 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:16:06.0603 1692 nsiproxy - ok
13:16:06.0681 1692 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:16:06.0712 1692 Ntfs - ok
13:16:06.0743 1692 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
13:16:06.0743 1692 Null - ok
13:16:06.0790 1692 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:16:06.0790 1692 nvraid - ok
13:16:06.0837 1692 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:16:06.0837 1692 nvstor - ok
13:16:06.0899 1692 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:16:06.0899 1692 nv_agp - ok
13:16:06.0946 1692 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:16:06.0946 1692 ohci1394 - ok
13:16:06.0977 1692 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:16:06.0977 1692 ose - ok
13:16:07.0024 1692 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:16:07.0024 1692 p2pimsvc - ok
13:16:15.0588 1692 ================ Scan global ===============================
13:16:15.0635 1692 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:16:15.0698 1692 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:16:15.0713 1692 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:16:15.0744 1692 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:16:15.0776 1692 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:16:15.0776 1692 [Global] - ok
13:16:15.0791 1692 ================ Scan MBR ==================================
13:16:15.0791 1692 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:16:15.0791 1692 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:16:15.0822 1692 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:16:15.0822 1692 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:16:15.0822 1692 ================ Scan VBR ==================================
13:16:15.0822 1692 [ 4BB3DE5538320B53118A53125EACA139 ] \Device\Harddisk0\DR0\Partition1
13:16:15.0822 1692 \Device\Harddisk0\DR0\Partition1 - ok
13:16:15.0822 1692 ============================================================
13:16:15.0822 1692 Scan finished
13:16:15.0822 1692 ============================================================
13:16:15.0854 2764 Detected object count: 1
13:16:15.0854 2764 Actual detected object count: 1
13:16:32.0327 2764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
13:16:32.0327 2764 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
13:16:38.0489 3332 Deinitialize success



