Removed exploit.drop.9 but still have search redirects


25 replies to this topic

#1 barnstormer

Posted 18 November 2012 - 12:53 AM

I am using Windows 7 x64. I recently started experiencing redirects when using Google for searches. At first, most redirects went to scour.com. I ran TDSSkiller and aswMBR and removed a file called exploit.drop.9. The redirects became less frequent and stopped sending me to scour.com, but continue most times I use Google. I have tried running HitmanPro and Norton and no problems were detected, yet the redirects continue. Any assistance would be greatly appreciated.

Edited by Andrew, 18 November 2012 - 05:52 AM.
Mod Edit: Moved to AII for removal help - AA



#2 narenxp

Posted 18 November 2012 - 05:48 AM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 barnstormer

Posted 18 November 2012 - 09:38 AM

This is the TDSSkiller report:

09:35:03.0358 3148 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:35:03.0859 3148 ============================================================
09:35:03.0859 3148 Current date / time: 2012/11/18 09:35:03.0859
09:35:03.0859 3148 SystemInfo:
09:35:03.0860 3148
09:35:03.0860 3148 OS Version: 6.1.7601 ServicePack: 1.0
09:35:03.0860 3148 Product type: Workstation
09:35:03.0860 3148 ComputerName: HANCOCK-PC
09:35:03.0864 3148 UserName: hancock
09:35:03.0864 3148 Windows directory: C:\windows
09:35:03.0864 3148 System windows directory: C:\windows
09:35:03.0864 3148 Running under WOW64
09:35:03.0864 3148 Processor architecture: Intel x64
09:35:03.0864 3148 Number of processors: 2
09:35:03.0864 3148 Page size: 0x1000
09:35:03.0864 3148 Boot type: Normal boot
09:35:03.0864 3148 ============================================================
09:35:04.0374 3148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:35:04.0378 3148 ============================================================
09:35:04.0378 3148 \Device\Harddisk0\DR0:
09:35:04.0378 3148 MBR partitions:
09:35:04.0378 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3833E800
09:35:04.0378 3148 ============================================================
09:35:04.0478 3148 C: <-> \Device\Harddisk0\DR0\Partition1
09:35:04.0478 3148 ============================================================
09:35:04.0478 3148 Initialize success
09:35:04.0478 3148 ============================================================
09:35:22.0619 2932 ============================================================
09:35:22.0620 2932 Scan started
09:35:22.0620 2932 Mode: Manual; TDLFS;
09:35:22.0620 2932 ============================================================
09:35:25.0282 2932 ================ Scan system memory ========================
09:35:25.0282 2932 System memory - ok
09:35:25.0283 2932 ================ Scan services =============================
09:35:40.0337 2932 NdisCap - ok
09:35:40.0468 2932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
09:35:40.0470 2932 NdisTapi - ok
09:35:40.0508 2932 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
09:35:40.0509 2932 Ndisuio - ok
09:35:40.0545 2932 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
09:35:40.0548 2932 NdisWan - ok
09:35:40.0552 2932 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
09:35:40.0553 2932 NDProxy - ok
09:35:40.0590 2932 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
09:35:40.0590 2932 NetBIOS - ok
09:35:40.0597 2932 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
09:35:40.0599 2932 NetBT - ok
09:35:40.0627 2932 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
09:35:40.0628 2932 Netlogon - ok
09:35:40.0692 2932 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
09:35:40.0695 2932 Netman - ok
09:35:40.0727 2932 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
09:35:40.0731 2932 netprofm - ok
09:35:40.0760 2932 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:35:40.0762 2932 NetTcpPortSharing - ok
09:35:40.0825 2932 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
09:35:40.0828 2932 nfrd960 - ok
09:35:41.0031 2932 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
09:35:41.0032 2932 NIS - ok
09:35:41.0081 2932 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
09:35:41.0084 2932 NlaSvc - ok
09:35:41.0120 2932 Norton PC Checkup Application Launcher - ok
09:35:41.0140 2932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
09:35:41.0141 2932 Npfs - ok
09:35:41.0162 2932 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
09:35:41.0164 2932 nsi - ok
09:35:41.0174 2932 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
09:35:41.0175 2932 nsiproxy - ok
09:35:41.0235 2932 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
09:35:41.0251 2932 Ntfs - ok
09:35:41.0292 2932 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
09:35:41.0293 2932 Null - ok
09:35:41.0314 2932 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
09:35:41.0317 2932 nvraid - ok
09:35:41.0333 2932 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
09:35:41.0336 2932 nvstor - ok
09:35:41.0349 2932 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
09:35:41.0352 2932 nv_agp - ok
09:35:41.0359 2932 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
09:35:41.0361 2932 ohci1394 - ok
09:35:41.0389 2932 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:35:41.0390 2932 ose - ok
09:35:41.0504 2932 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:35:41.0578 2932 osppsvc - ok
09:35:41.0611 2932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
09:35:41.0615 2932 p2pimsvc - ok
09:35:41.0635 2932 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
09:35:41.0639 2932 p2psvc - ok
09:35:41.0668 2932 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
09:35:41.0671 2932 Parport - ok
09:35:41.0701 2932 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
09:35:41.0702 2932 partmgr - ok
09:35:41.0731 2932 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
09:35:41.0734 2932 PcaSvc - ok
09:35:41.0759 2932 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
09:35:41.0760 2932 PCCUJobMgr - ok
09:35:41.0786 2932 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
09:35:41.0789 2932 pci - ok
09:35:41.0804 2932 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
09:35:41.0805 2932 pciide - ok
09:35:41.0823 2932 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
09:35:41.0827 2932 pcmcia - ok
09:35:41.0834 2932 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
09:35:41.0835 2932 pcw - ok
09:35:41.0861 2932 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
09:35:41.0869 2932 PEAUTH - ok
09:35:41.0943 2932 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
09:35:41.0946 2932 PerfHost - ok
09:35:42.0005 2932 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
09:35:42.0006 2932 PGEffect - ok
09:35:42.0058 2932 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
09:35:42.0075 2932 pla - ok
09:35:42.0144 2932 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
09:35:42.0148 2932 PlugPlay - ok
09:35:42.0176 2932 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
09:35:42.0178 2932 PNRPAutoReg - ok
09:35:42.0201 2932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
09:35:42.0204 2932 PNRPsvc - ok
09:35:42.0248 2932 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
09:35:42.0252 2932 PolicyAgent - ok
09:35:42.0274 2932 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
09:35:42.0277 2932 Power - ok
09:35:42.0333 2932 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
09:35:42.0335 2932 PptpMiniport - ok
09:35:42.0353 2932 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
09:35:42.0355 2932 Processor - ok
09:35:42.0392 2932 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
09:35:42.0394 2932 ProfSvc - ok
09:35:42.0405 2932 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:35:42.0406 2932 ProtectedStorage - ok
09:35:42.0450 2932 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
09:35:42.0451 2932 Psched - ok
09:35:42.0508 2932 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
09:35:42.0509 2932 QIOMem - ok
09:35:42.0552 2932 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
09:35:42.0567 2932 ql2300 - ok
09:35:42.0603 2932 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
09:35:42.0606 2932 ql40xx - ok
09:35:42.0638 2932 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
09:35:42.0643 2932 QWAVE - ok
09:35:42.0652 2932 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
09:35:42.0654 2932 QWAVEdrv - ok
09:35:42.0665 2932 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
09:35:42.0666 2932 RasAcd - ok
09:35:42.0713 2932 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
09:35:42.0714 2932 RasAgileVpn - ok
09:35:42.0726 2932 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
09:35:42.0729 2932 RasAuto - ok
09:35:42.0734 2932 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
09:35:42.0736 2932 Rasl2tp - ok
09:35:42.0768 2932 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
09:35:42.0771 2932 RasMan - ok
09:35:42.0787 2932 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
09:35:42.0789 2932 RasPppoe - ok
09:35:42.0794 2932 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
09:35:42.0795 2932 RasSstp - ok
09:35:42.0814 2932 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
09:35:42.0816 2932 rdbss - ok
09:35:42.0831 2932 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
09:35:42.0833 2932 rdpbus - ok
09:35:42.0876 2932 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
09:35:42.0876 2932 RDPCDD - ok
09:35:42.0883 2932 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
09:35:42.0884 2932 RDPENCDD - ok
09:35:42.0900 2932 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
09:35:42.0900 2932 RDPREFMP - ok
09:35:42.0934 2932 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
09:35:42.0943 2932 RDPWD - ok
09:35:43.0005 2932 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
09:35:43.0008 2932 rdyboost - ok
09:35:43.0063 2932 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
09:35:43.0066 2932 RemoteAccess - ok
09:35:43.0093 2932 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
09:35:43.0097 2932 RemoteRegistry - ok
09:35:43.0167 2932 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\windows\system32\DRIVERS\revoflt.sys
09:35:43.0168 2932 Revoflt - ok
09:35:43.0189 2932 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
09:35:43.0191 2932 RpcEptMapper - ok
09:35:43.0210 2932 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
09:35:43.0212 2932 RpcLocator - ok
09:35:43.0240 2932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
09:35:43.0245 2932 RpcSs - ok
09:35:43.0294 2932 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
09:35:43.0296 2932 rspndr - ok
09:35:43.0355 2932 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
09:35:43.0358 2932 RSUSBSTOR - ok
09:35:43.0379 2932 [ E5DC911D0FEB72CAFF2BBDD6E7C3672F ] RSUSBVSTOR C:\windows\system32\Drivers\RTSUVSTOR.sys
09:35:43.0383 2932 RSUSBVSTOR - ok
09:35:43.0448 2932 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
09:35:43.0459 2932 RTL8192Ce - ok
09:35:43.0471 2932 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
09:35:43.0472 2932 SamSs - ok
09:35:43.0502 2932 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
09:35:43.0504 2932 sbp2port - ok
09:35:43.0538 2932 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
09:35:43.0543 2932 SCardSvr - ok
09:35:43.0565 2932 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
09:35:43.0567 2932 scfilter - ok
09:35:43.0603 2932 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
09:35:43.0611 2932 Schedule - ok
09:35:43.0636 2932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
09:35:43.0637 2932 SCPolicySvc - ok
09:35:43.0670 2932 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
09:35:43.0676 2932 SDRSVC - ok
09:35:43.0721 2932 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
09:35:43.0722 2932 secdrv - ok
09:35:43.0735 2932 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
09:35:43.0737 2932 seclogon - ok
09:35:43.0758 2932 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
09:35:43.0760 2932 SENS - ok
09:35:43.0813 2932 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
09:35:43.0816 2932 SensrSvc - ok
09:35:43.0863 2932 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
09:35:43.0865 2932 Serenum - ok
09:35:43.0911 2932 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
09:35:43.0914 2932 Serial - ok
09:35:43.0921 2932 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
09:35:43.0922 2932 sermouse - ok
09:35:43.0954 2932 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
09:35:43.0957 2932 SessionEnv - ok
09:35:43.0964 2932 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
09:35:43.0966 2932 sffdisk - ok
09:35:43.0985 2932 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
09:35:43.0987 2932 sffp_mmc - ok
09:35:43.0994 2932 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
09:35:43.0996 2932 sffp_sd - ok
09:35:44.0002 2932 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
09:35:44.0004 2932 sfloppy - ok
09:35:44.0077 2932 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
09:35:44.0084 2932 Sftfs - ok
09:35:44.0172 2932 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:35:44.0179 2932 sftlist - ok
09:35:44.0209 2932 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
09:35:44.0213 2932 Sftplay - ok
09:35:44.0230 2932 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
09:35:44.0231 2932 Sftredir - ok
09:35:44.0251 2932 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
09:35:44.0252 2932 Sftvol - ok
09:35:44.0277 2932 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:35:44.0280 2932 sftvsa - ok
09:35:44.0343 2932 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
09:35:44.0347 2932 SharedAccess - ok
09:35:44.0388 2932 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:35:44.0391 2932 ShellHWDetection - ok
09:35:44.0429 2932 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
09:35:44.0431 2932 SiSRaid2 - ok
09:35:44.0454 2932 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
09:35:44.0456 2932 SiSRaid4 - ok
09:35:44.0497 2932 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
09:35:44.0499 2932 Smb - ok
09:35:44.0557 2932 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
09:35:44.0559 2932 SNMPTRAP - ok
09:35:44.0574 2932 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
09:35:44.0575 2932 spldr - ok
09:35:44.0609 2932 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
09:35:44.0616 2932 Spooler - ok
09:35:44.0696 2932 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
09:35:44.0727 2932 sppsvc - ok
09:35:44.0745 2932 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
09:35:44.0748 2932 sppuinotify - ok
09:35:44.0858 2932 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\windows\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS
09:35:44.0863 2932 SRTSP - ok
09:35:44.0888 2932 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS
09:35:44.0888 2932 SRTSPX - ok
09:35:44.0929 2932 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
09:35:44.0934 2932 srv - ok
09:35:44.0944 2932 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
09:35:44.0950 2932 srv2 - ok
09:35:45.0024 2932 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
09:35:45.0028 2932 SrvHsfHDA - ok
09:35:45.0062 2932 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
09:35:45.0077 2932 SrvHsfV92 - ok
09:35:45.0107 2932 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
09:35:45.0115 2932 SrvHsfWinac - ok
09:35:45.0134 2932 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
09:35:45.0136 2932 srvnet - ok
09:35:45.0196 2932 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
09:35:45.0198 2932 SSDPSRV - ok
09:35:45.0212 2932 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
09:35:45.0214 2932 SstpSvc - ok
09:35:45.0250 2932 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
09:35:45.0251 2932 stexstor - ok
09:35:45.0300 2932 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
09:35:45.0305 2932 stisvc - ok
09:35:45.0317 2932 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
09:35:45.0318 2932 swenum - ok
09:35:45.0376 2932 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
09:35:45.0383 2932 swprv - ok
09:35:45.0428 2932 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS
09:35:45.0431 2932 SymDS - ok
09:35:45.0502 2932 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS
09:35:45.0509 2932 SymEFA - ok
09:35:45.0548 2932 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
09:35:45.0550 2932 SymEvent - ok
09:35:45.0581 2932 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS
09:35:45.0582 2932 SymIRON - ok
09:35:45.0630 2932 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS
09:35:45.0633 2932 SymNetS - ok
09:35:45.0713 2932 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
09:35:45.0727 2932 SynTP - ok
09:35:45.0785 2932 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
09:35:45.0800 2932 SysMain - ok
09:35:45.0807 2932 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
09:35:45.0811 2932 TabletInputService - ok
09:35:45.0821 2932 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
09:35:45.0824 2932 TapiSrv - ok
09:35:45.0838 2932 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
09:35:45.0840 2932 TBS - ok
09:35:45.0948 2932 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
09:35:45.0967 2932 Tcpip - ok
09:35:46.0009 2932 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
09:35:46.0020 2932 TCPIP6 - ok
09:35:46.0059 2932 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
09:35:46.0060 2932 tcpipreg - ok
09:35:46.0112 2932 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
09:35:46.0113 2932 tdcmdpst - ok
09:35:46.0147 2932 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
09:35:46.0148 2932 TDPIPE - ok
09:35:46.0188 2932 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
09:35:46.0189 2932 TDTCP - ok
09:35:46.0213 2932 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
09:35:46.0214 2932 tdx - ok
09:35:46.0258 2932 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
09:35:46.0259 2932 TermDD - ok
09:35:46.0306 2932 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
09:35:46.0314 2932 TermService - ok
09:35:46.0334 2932 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
09:35:46.0336 2932 Themes - ok
09:35:46.0371 2932 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
09:35:46.0372 2932 THREADORDER - ok
09:35:46.0452 2932 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
09:35:46.0452 2932 TMachInfo - ok
09:35:46.0514 2932 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\Windows\system32\TODDSrv.exe
09:35:46.0516 2932 TODDSrv - ok
09:35:46.0631 2932 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
09:35:46.0637 2932 TosCoSrv - ok
09:35:46.0695 2932 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
09:35:46.0698 2932 TOSHIBA eco Utility Service - ok
09:35:46.0786 2932 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
09:35:46.0787 2932 TOSHIBA HDD SSD Alert Service - ok
09:35:46.0856 2932 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
09:35:46.0861 2932 tos_sps64 - ok
09:35:46.0918 2932 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
09:35:46.0923 2932 TPCHSrv - ok
09:35:46.0962 2932 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
09:35:46.0964 2932 TrkWks - ok
09:35:47.0023 2932 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:35:47.0025 2932 TrustedInstaller - ok
09:35:47.0049 2932 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
09:35:47.0051 2932 tssecsrv - ok
09:35:47.0094 2932 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
09:35:47.0096 2932 TsUsbFlt - ok
09:35:47.0111 2932 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
09:35:47.0113 2932 TsUsbGD - ok
09:35:47.0171 2932 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
09:35:47.0172 2932 tunnel - ok
09:35:47.0211 2932 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
09:35:47.0212 2932 TVALZ - ok
09:35:47.0238 2932 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
09:35:47.0239 2932 TVALZFL - ok
09:35:47.0264 2932 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
09:35:47.0266 2932 uagp35 - ok
09:35:47.0284 2932 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
09:35:47.0289 2932 udfs - ok
09:35:47.0326 2932 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
09:35:47.0329 2932 UI0Detect - ok
09:35:47.0344 2932 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
09:35:47.0346 2932 uliagpkx - ok
09:35:47.0382 2932 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
09:35:47.0383 2932 umbus - ok
09:35:47.0445 2932 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
09:35:47.0447 2932 UmPass - ok
09:35:47.0572 2932 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:35:47.0588 2932 UNS - ok
09:35:47.0620 2932 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
09:35:47.0623 2932 upnphost - ok
09:35:47.0675 2932 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
09:35:47.0676 2932 USBAAPL64 - ok
09:35:47.0716 2932 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
09:35:47.0718 2932 usbccgp - ok
09:35:47.0742 2932 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
09:35:47.0744 2932 usbcir - ok
09:35:47.0752 2932 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
09:35:47.0752 2932 usbehci - ok
09:35:47.0777 2932 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
09:35:47.0781 2932 usbhub - ok
09:35:47.0802 2932 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
09:35:47.0803 2932 usbohci - ok
09:35:47.0829 2932 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
09:35:47.0831 2932 usbprint - ok
09:35:47.0871 2932 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
09:35:47.0873 2932 usbscan - ok
09:35:47.0916 2932 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
09:35:47.0918 2932 USBSTOR - ok
09:35:47.0956 2932 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
09:35:47.0958 2932 usbuhci - ok
09:35:47.0994 2932 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
09:35:47.0997 2932 usbvideo - ok
09:35:48.0042 2932 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
09:35:48.0044 2932 UxSms - ok
09:35:48.0082 2932 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
09:35:48.0083 2932 VaultSvc - ok
09:35:48.0141 2932 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
09:35:48.0142 2932 vdrvroot - ok
09:35:48.0204 2932 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
09:35:48.0211 2932 vds - ok
09:35:48.0255 2932 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
09:35:48.0256 2932 vga - ok
09:35:48.0269 2932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
09:35:48.0270 2932 VgaSave - ok
09:35:48.0291 2932 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
09:35:48.0294 2932 vhdmp - ok
09:35:48.0323 2932 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
09:35:48.0324 2932 viaide - ok
09:35:48.0340 2932 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
09:35:48.0342 2932 volmgr - ok
09:35:48.0350 2932 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
09:35:48.0354 2932 volmgrx - ok
09:35:48.0378 2932 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
09:35:48.0382 2932 volsnap - ok
09:35:48.0544 2932 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
09:35:48.0550 2932 vsmraid - ok
09:35:48.0696 2932 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
09:35:48.0712 2932 VSS - ok
09:35:48.0736 2932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
09:35:48.0737 2932 vwifibus - ok
09:35:48.0783 2932 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
09:35:48.0783 2932 vwififlt - ok
09:35:48.0801 2932 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
09:35:48.0806 2932 W32Time - ok
09:35:48.0823 2932 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
09:35:48.0825 2932 WacomPen - ok
09:35:48.0855 2932 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
09:35:48.0856 2932 WANARP - ok
09:35:48.0861 2932 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
09:35:48.0862 2932 Wanarpv6 - ok
09:35:48.0942 2932 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
09:35:48.0955 2932 WatAdminSvc - ok
09:35:49.0014 2932 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
09:35:49.0031 2932 wbengine - ok
09:35:49.0038 2932 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
09:35:49.0042 2932 WbioSrvc - ok
09:35:49.0050 2932 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
09:35:49.0056 2932 wcncsvc - ok
09:35:50.0654 2932 ================ Scan global ===============================
09:35:50.0675 2932 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:35:50.0713 2932 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
09:35:50.0720 2932 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
09:35:50.0788 2932 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:35:50.0823 2932 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:35:50.0826 2932 [Global] - ok
09:35:50.0826 2932 ================ Scan MBR ==================================
09:35:50.0844 2932 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
09:35:51.0069 2932 \Device\Harddisk0\DR0 - ok
09:35:51.0069 2932 ================ Scan VBR ==================================
09:35:51.0094 2932 [ EF4E68F9EC02AABEC2867B5DE2945259 ] \Device\Harddisk0\DR0\Partition1
09:35:51.0095 2932 \Device\Harddisk0\DR0\Partition1 - ok
09:35:51.0095 2932 ============================================================
09:35:51.0095 2932 Scan finished
09:35:51.0095 2932 ============================================================
09:35:51.0106 1632 Detected object count: 0
09:35:51.0106 1632 Actual detected object count: 0

#4 barnstormer

Posted 18 November 2012 - 09:45 AM

aswMBR did crash. Will run now in safe mode with networking. This is the message Windows gave me following reboot in safe mode:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000007e
BCP1: FFFFFFFFC0000005
BCP2: 0000000000000000
BCP3: FFFFF8800391E958
BCP4: FFFFF8800391E1B0
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\111812-23150-01.dmp
C:\Users\hancock\AppData\Local\Temp\WER-44444-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt

#5 barnstormer

Posted 18 November 2012 - 09:58 AM

Here is the log from aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-18 09:46:08
-----------------------------
09:46:08.848 OS Version: Windows x64 6.1.7601 Service Pack 1
09:46:08.848 Number of processors: 2 586 0x2A07
09:46:08.848 ComputerName: HANCOCK-PC UserName: hancock
09:46:11.328 Initialize success
09:46:20.610 AVAST engine defs: 12111700
09:47:38.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:47:38.080 Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
09:47:38.111 Disk 0 MBR read successfully
09:47:38.111 Disk 0 MBR scan
09:47:38.111 Disk 0 Windows VISTA default MBR code
09:47:38.127 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
09:47:38.142 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460413 MB offset 3074048
09:47:38.158 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15026 MB offset 945999872
09:47:38.205 Disk 0 scanning C:\windows\system32\drivers
09:47:46.301 Service scanning
09:48:23.679 Modules scanning
09:48:23.679 Disk 0 trace - called modules:
09:48:23.710 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:48:23.710 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004aca060]
09:48:23.725 3 CLASSPNP.SYS[fffff88001cae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003fd7050]
09:48:25.348 AVAST engine scan C:\windows
09:48:28.125 AVAST engine scan C:\windows\system32
09:50:20.601 AVAST engine scan C:\windows\system32\drivers
09:50:31.490 AVAST engine scan C:\Users\hancock
09:55:10.075 AVAST engine scan C:\ProgramData
09:56:35.937 Scan finished successfully
09:57:05.328 Disk 0 MBR has been saved successfully to "C:\Users\hancock\Documents\MBR.dat"
09:57:05.328 The log file has been saved successfully to "C:\Users\hancock\Documents\aswMBR2.txt"

#6 barnstormer

Posted 18 November 2012 - 10:11 AM

I downloaded ESET Online Scanner and when I try to run it, it gets to 4% and says "Can not get update. Is proxy configured?" I have tried re-installing it, but get that same message every time I try and run it.

#7 barnstormer

Posted 18 November 2012 - 10:13 AM

Also, I saved my scan log from the time I ran aswMBR before posting on bleepingcomputer.com. Would posting that here help?

#8 barnstormer

Posted 18 November 2012 - 12:18 PM

I was finally able to get ESET to download and run. Here is the threat list:

C:\Qoobox\Quarantine\C\Users\hancock\AppData\Local\Apps\Apple Computer\urpshn.dll.vir a variant of Win32/Kryptik.AOWX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.11.2012_12.58.16\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined

#9 narenxp

Posted 18 November 2012 - 12:50 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan. Post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#10 barnstormer

Posted 18 November 2012 - 03:40 PM

The result of the Malwarebytes scan:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
hancock :: HANCOCK-PC [administrator]

Protection: Enabled

11/18/2012 3:11:05 PM
mbam-log-2012-11-18 (15-11-05).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323377
Time elapsed: 28 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 barnstormer

Posted 18 November 2012 - 03:48 PM

The mini toolbox result:

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by hancock (administrator) on 18-11-2012 at 15:46:53
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : hancock-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : columbus.rr.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : NB4WDS.COM
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 04-7D-7B-63-B2-1B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : columbus.rr.com
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 9C-B7-0D-77-38-1B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b00d:ec1f:92dc:9bdc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 18, 2012 2:52:50 PM
Lease Expires . . . . . . . . . . : Sunday, November 18, 2012 4:22:51 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 245151501
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-D2-C9-28-9C-B7-0D-77-38-1B
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.columbus.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : columbus.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.NB4WDS.COM:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38a2:ba:519a:b8a8(Preferred)
Link-local IPv6 Address . . . . . : fe80::38a2:ba:519a:b8a8%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4009:802::1006
74.125.225.64
74.125.225.65
74.125.225.66
74.125.225.67
74.125.225.68
74.125.225.69
74.125.225.70
74.125.225.71
74.125.225.72
74.125.225.73
74.125.225.78


Pinging google.com [74.125.225.46] with 32 bytes of data:
Reply from 74.125.225.46: bytes=32 time=26ms TTL=55
Reply from 74.125.225.46: bytes=32 time=27ms TTL=55

Ping statistics for 74.125.225.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=187ms TTL=49
Reply from 98.139.183.24: bytes=32 time=110ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 187ms, Average = 148ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 5ms, Maximum = 7ms, Average = 6ms
===========================================================================
Interface List
12...04 7d 7b 63 b2 1b ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...9c b7 0d 77 38 1b ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.11 281
192.168.0.11 255.255.255.255 On-link 192.168.0.11 281
192.168.0.255 255.255.255.255 On-link 192.168.0.11 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.11 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.11 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:38a2:ba:519a:b8a8/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::38a2:ba:519a:b8a8/128
On-link
11 281 fe80::b00d:ec1f:92dc:9bdc/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2012 00:34:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11435

Error: (11/18/2012 00:34:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11435

Error: (11/18/2012 00:34:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2012 00:34:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10250

Error: (11/18/2012 00:34:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10250

Error: (11/18/2012 00:34:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2012 00:34:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9251

Error: (11/18/2012 00:34:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9251

Error: (11/18/2012 00:34:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2012 00:34:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8253


System errors:
=============
Error: (11/18/2012 09:57:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:57:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:57:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:52:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:52:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:52:00 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:49:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:49:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:49:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/18/2012 09:44:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/18/2012 00:34:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11435

Error: (11/18/2012 00:34:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11435

Error: (11/18/2012 00:34:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2012 00:34:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10250

Error: (11/18/2012 00:34:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10250

Error: (11/18/2012 00:34:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2012 00:34:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9251

Error: (11/18/2012 00:34:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9251

Error: (11/18/2012 00:34:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2012 00:34:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8253


CodeIntegrity Errors:
===================================
Date: 2012-11-17 15:14:54.192
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-17 15:14:54.176
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader XI (Version: 11.0.00)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
Bejeweled 3 (Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.24)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant HD Audio (Version: 8.51.2.51)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FATE - The Traitor Soul (Version: 2.2.0.95)
Google Chrome (Version: 23.0.1271.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
HitmanPro 3.6 (Version: 3.6.2.174)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2509)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
iTunes (Version: 10.6.0.40)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Letters from Nowhere 2 (Version: 2.2.0.97)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Security Scan Plus (Version: 3.0.285.6)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Netwaiting (Version: 1.0.1)
Norton Internet Security (Version: 20.2.0.19)
Penguins! (Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.97)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek USB 2.0 Reader Driver (Version: 1.0.0.15)
Realtek WLAN Driver (Version: 2.00.0013)
RealUpgrade 1.1 (Version: 1.1.0)
Reimage Repair (Version: 1.6.2.9)
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9)
Rhapsody
RollerCoaster Tycoon 3: Platinum (Version: 2.2.0.98)
Sansa Updater (Version: 1.313)
Skype Launcher (Version: 2.01)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
Tales of Lagoona (Version: 2.2.0.98)
The Weather Channel App
The Weather Channel Desktop 6
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.0)
Toshiba Book Place (Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Hardware Setup (Version: 4.08.09.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Laptop Checkup (Version: 2.0.13.11)
TOSHIBA Media Controller (Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (Version: 1.0.7.5)
Toshiba Online Backup (Version: 2.0.0.31)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Quality Application (Version: 1.0.4)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.2001)
TOSHIBA Service Station (Version: 2.2.12)
TOSHIBA Sleep Utility (Version: 1.4.2.8)
TOSHIBA Supervisor Password (Version: 4.08.09.00)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Web Camera Application (Version: 2.0.3.3)
TOSHIBARegistration (Version: 1.0.7)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.31)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge (Version: 2.2.0.98)

========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 4043.86 MB
Available physical RAM: 1404.85 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5361.83 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.94 MB

========================= Partitions: =====================================

1 Drive c: (TI106320W0D) (Fixed) (Total:449.62 GB) (Free:385.82 GB) NTFS

========================= Users: ========================================

User accounts for \\HANCOCK-PC

Administrator Guest hancock

========================= Restore Points ==================================

14-09-2012 07:08:48 Scheduled Checkpoint
25-10-2012 00:34:57 Restore Operation
17-11-2012 20:07:28 ComboFix created restore point
17-11-2012 21:11:39 Revo Uninstaller Pro's restore point - Adobe Reader X (10.1.3) MUI
17-11-2012 21:19:24 Revo Uninstaller Pro's restore point - Java™ 6 Update 25
17-11-2012 21:21:05 Removed Java™ 6 Update 25
17-11-2012 21:33:49 Installed Java 7 Update 9
18-11-2012 00:40:24 Norton_Power_Eraser_20121117194021636
18-11-2012 08:00:21 Windows Update

**** End of log ****

#12 barnstormer

Posted 18 November 2012 - 03:50 PM

Farbar scan result:

Farbar Service Scanner Version: 09-11-2012
Ran by hancock (administrator) on 18-11-2012 at 15:49:37
Running from "C:\Users\hancock\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-17 15:49] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 barnstormer

Posted 18 November 2012 - 03:56 PM

adwCleaner log:

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 15:51:34
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : hancock - HANCOCK-PC
# Boot Mode : Normal
# Running from : C:\Users\hancock\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\hancock\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\hancock\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [789 octets] - [18/11/2012 15:51:34]

########## EOF - C:\AdwCleaner[S1].txt - [848 octets] ##########

#14 barnstormer

Posted 18 November 2012 - 04:06 PM

Junkware removal log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.3.2 (11.18.2012)
OS: Windows 7 Home Premium x64
Ran by hancock on Sun 11/18/2012 at 15:58:44.12
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/18/2012 at 16:04:24.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#15 narenxp

Posted 18 November 2012 - 04:08 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here



