
I think my laptop is infected by Remote administration tool(trojan or backdoor)


  • This topic is locked
23 replies to this topic

#1 areu3

areu3

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:15 PM

Posted 26 May 2013 - 11:48 PM

I just bought this used laptop, and I think the previous owner sold it to me for some reason. I want to know if it is infected by a trojan or backdoor. I know there have always been a lot of RATs on underground hacking forums where people learn how to infect other people's computers.

Can anyone check this for me?

I've already run the "netstat -ano" command in cmd to see if any established PID is related to a suspicious process name or source.

I couldn't find any suspicious process by doing this. But still, I'm wondering if there can be a trojan or backdoor process running on my computer even though it is not listed in the process list in Task Manager. Anyway, I thought it would be better to ask the top-of-the-line experts here so that I can have peace of mind while using my laptop.


Edited by areu3, 27 May 2013 - 03:34 PM.
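The check described in the opening post, correlating `netstat -ano` with the process list, as an added example (this is editorial code, not from the thread or from any tool it mentions). The script parses constructed sample output of `netstat -ano` and `tasklist /fo csv /nh` (the addresses, PIDs and image names are made up for the example) and lists every ESTABLISHED TCP connection together with the process that owns it. A connection whose owning PID has no entry in the task list is reported as `unknown(pid)`, which is the discrepancy worth following up rather than a clean-looking process name.

```python
"""
Correlate `netstat -ano` output with `tasklist` output so that every
ESTABLISHED TCP connection is shown with the process that owns it.

Added example, not code from the thread. The two sample strings below are
constructed so the script runs offline; on a real machine they would be the
contents of `netstat -ano` and `tasklist /fo csv /nh` output.
"""
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (hypothetical addresses and PIDs).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       744
  TCP    192.0.2.10:49157       198.51.100.20:443      ESTABLISHED     2312
  TCP    192.0.2.10:49160       203.0.113.5:6667       ESTABLISHED     4120
  TCP    192.0.2.10:49163       203.0.113.9:8080       ESTABLISHED     5000
  TCP    192.0.2.10:49161       198.51.100.21:80       TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1092
"""

# Constructed sample of `tasklist /fo csv /nh` output (hypothetical image names).
# Note that PID 5000 from the netstat sample is deliberately absent here.
TASKLIST_SAMPLE = """\
"svchost.exe","744","Services","0","7,812 K"
"iexplore.exe","2312","Console","1","98,104 K"
"updater.exe","4120","Console","1","4,520 K"
"svchost.exe","1092","Services","0","12,300 K"
"""


def parse_netstat(text):
    """Return one dict per connection line of `netstat -ano` output.

    TCP lines carry five columns (proto, local, remote, state, pid);
    UDP lines carry four because they have no state column.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or "Active Connections" banner
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # malformed line; skip rather than guess
        conns.append({"proto": proto, "local": local, "remote": remote,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    pid_to_image = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            pid_to_image[int(row[1])] = row[0]
    return pid_to_image


def established_by_process(netstat_text, tasklist_text):
    """Return {image name: [remote endpoints]} for ESTABLISHED TCP connections.

    A PID that owns a connection but has no tasklist entry is reported as
    'unknown(<pid>)' so the mismatch stands out instead of being dropped.
    """
    images = parse_tasklist(tasklist_text)
    result = defaultdict(list)
    for conn in parse_netstat(netstat_text):
        if conn["state"] != "ESTABLISHED":
            continue
        name = images.get(conn["pid"], f"unknown({conn['pid']})")
        result[name].append(conn["remote"])
    return dict(result)


if __name__ == "__main__":
    for image, remotes in established_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(f"{image:20s} {', '.join(remotes)}")
```

On a real Windows machine, save the two command outputs with `netstat -ano > netstat.txt` and `tasklist /fo csv /nh > tasklist.txt`, read the files, and pass their contents to `established_by_process`. The script only joins the two views the OS gives you; it does not decide whether a process is malicious, and a process that owns no network connection at the moment of the snapshot will not appear at all.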



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:15 PM

Posted 29 May 2013 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#3 areu3

areu3
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:15 PM

Posted 29 May 2013 - 08:28 PM

Hello. Thanks for this guideline, but I don't really care about adware or malware. My computer's speed is up to its capacity. I have no problem using it.

BUT, I want to check if my computer is infected by a backdoor or trojan planted by someone who intentionally tries to see my screen or turn on my webcam.

You know this thing? I want to clear this trojan or backdoor that even antivirus software cannot catch if it is encrypted.

Can you help me with this issue?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:15 PM

Posted 30 May 2013 - 07:41 AM

Hello. Thanks for this guideline, but I don't really care about adware or malware.

Well, I do. Please post the logs; it's the only way I can help you.

#5 areu3

areu3
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:15 PM

Posted 30 May 2013 - 02:43 PM

# AdwCleaner v2.301 - Logfile created 05/30/2013 at 12:06:09
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : hp owner - HPOWNER-HP
# Boot Mode : Normal
# Running from : C:\Users\hp owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\hp owner\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Grand Virtual
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1863 octets] - [30/05/2013 12:06:09]

########## EOF - C:\AdwCleaner[S1].txt - [1923 octets] ##########

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by hp owner on 30/05/2013 at 12:26:01.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\windows\currentversion\ext\preapproved\{11111111-1111-1111-1111-110011431152}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A00CD85D-EE12-47FB-A27C-F08884C7A662}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A00CD85D-EE12-47FB-A27C-F08884C7A662}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{01B0A750-DDDE-47BB-9717-6F6274853205}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{037BF4AE-D278-45D1-89E3-0CF5381F64CF}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{05209BDF-77A6-4AB4-BFC2-7A8D191615C9}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{0606142E-9C70-49D3-87C4-05F493E580C1}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{061541D7-EEA2-43DF-80E0-AAB80E26AF5D}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{067E83A6-E83F-4399-A2DB-8CC3093523D8}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{077978D3-7E06-4756-8489-7769284A24C2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{0B8D8B68-27ED-4EF1-B55E-C45106DDCF48}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{0BDC4B18-97C4-4BD4-A38B-FF24EF7D6933}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{0C2E4AF7-2A00-480D-9A13-6D4C5BEF76DE}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{0E7470EF-391B-47D9-ADC6-66E9FA93F0E2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{11E83D40-E2C8-4BC1-A33A-15E973E1CFDF}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1459D5DF-9EEC-4B6E-B57D-B12E95CAA88A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1707F5B4-F72F-4816-A5D6-AD47F5C0B153}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{17E75590-698B-4D97-9CAA-F9281411EBAC}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{181CBB87-93F5-42AC-B01F-A5F048864FD4}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1B8F9B39-411E-45E5-90F6-545BDF871B80}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1BBB13C0-BA6E-4D1A-933D-9552EC426F19}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1C184994-34BF-47B1-A353-FE40A58FECB6}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1DEDFEA6-BDA2-4596-A32B-D328507D47B3}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1EC20CED-FC5E-4A87-B989-047EC8610318}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{1FABCFBD-5956-4B34-9546-CD8E70781D3D}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{212E8E2B-430B-4A73-9867-618C64BBE791}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{222141FD-4FA1-4C4A-AA1E-869C993B4A50}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{23C571D3-902D-4B2F-AE59-6C24DA1FFA58}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{23FE7326-7A45-46DF-983B-9D9B7F6EAF6C}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{262EC5B3-7A4E-482F-AAA6-0830522C5EB3}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{28A3F668-FFEF-4A18-9CE6-47B51A558143}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{28B05C7D-04DB-47D0-9407-EE1BD4F3F462}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{29C297E8-3E2B-4C91-BF7C-4EF3B0AD31A2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{2B1FA58B-F6D0-4549-873D-07EC570A0A63}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{2B850073-05B6-4171-B43C-0CAA4214230E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{2D38434D-ADA8-470F-B2D5-50E63128BF74}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{2EB76B38-2069-4249-9C54-A9545BE11BEB}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{30F2A6B9-5E99-4C87-A165-4EE21A303AB0}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3128EAB5-CD75-4478-AF97-58DB03FD23A8}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{31461943-EBF7-454F-848A-7AE922923DD0}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3190116B-501D-4F77-859D-5829FC1505D1}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{32234AB7-417D-40DC-8FAD-5D2649CB775E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{35D113D6-3169-47F8-817F-EBC98517B5A5}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{37820E65-6239-42FB-899D-D67D3CF23C0F}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3809A518-D218-4958-BE29-492D08DCFF45}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3C9D118F-42E4-4E92-A7E8-84822518BBEC}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3D7EA5FA-2FDC-4C0F-9B6C-2521D69CC0C6}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3EBEC262-1FF7-4823-8D12-DCB2EBF30D96}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3F2A10D4-C347-496B-85DA-DCADDF3D9243}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{3FD20E43-3831-47DE-8BFB-F4920F4991E4}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{42D156A6-7BB3-4BAE-9052-6561651CE66D}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{478EEE24-5547-47E8-9475-676E83F51D8A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{47E7C099-132F-4DF2-B87D-3030DDD3D4F3}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{483ABC66-E07C-4A28-B02A-7175C31A3072}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{487C3B66-1CBB-40B6-B12B-F514513D70A1}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{49AA1104-97D5-4745-89B1-5873F886A854}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{4C7916A4-F6E9-4CA8-ADCF-7140C3D66B14}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{4EBD17B8-C3D1-4711-9A9F-F2322AFE44D0}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{4ED1B8FD-05B5-48AB-85F8-4FA527D2DCC7}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{52DEF3D1-8978-4418-BA4A-B4CFB389A489}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{53FCE2E4-602A-431F-9B38-28EEEEE18BA7}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{574C3E2C-AFE0-44D3-8330-6BC890FCF788}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{57A9BBAC-854E-4495-AD54-735CB1C7CF2D}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{597A3B37-D3B1-4C35-85A7-142639912EE2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{5CCF5F87-3A3C-401C-9E11-63AF49C8C8FD}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{5CD09A11-BA6A-40CA-B7DA-F9E9E0A17F91}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{5DA193E3-C623-49EB-BD9A-09055CCC8584}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{5E8154CA-04E1-4E54-B0A3-BD91836F3200}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{61C806DE-AC07-4934-AB88-900EBF0E91B0}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{61DEDAE0-E410-4673-BAF2-EB99E1FE1953}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{62751730-BBC7-47C1-AE99-E709A7F9EF35}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{62B71948-618F-44AF-89D9-72724078F843}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{640B5BF8-BA34-4259-B829-761AE2202C6A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{66EF902E-B697-41BF-8B7A-9C45E3DB601E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{67775B44-14B5-4F28-93E1-9298F2F6283C}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{68C89B8B-CA5F-4504-AA48-03B6C3637972}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{6921C022-DF2C-4746-829E-7FA74C556A85}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{6B004764-10CC-4A9C-A765-286172B6913B}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{6B46BD82-F9D7-4B58-9FC7-5DCA65CE9B67}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{6B76DF05-0C5A-4E2F-B649-F70BF42F0C55}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{6C8CF988-A64B-4F4A-B73B-D612C6BFF9DB}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{70B602BA-86A3-4ADA-9CC7-15915FE5EE0A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{71BAA93D-6925-4DF3-A27B-30167947AD5F}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{71E4BC44-AF26-41E7-A99F-C2C2701E3F01}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{725FB7C6-E4A9-47FC-9853-76D211F3B7AF}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{746A14CE-2D2E-46F6-8C2D-DA0862F79516}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{7556566A-9944-49F7-8E71-4D55626DB28A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{75F5494B-96B5-4CDB-BEB3-9CB5CBCCFE5C}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{779E0B1C-0474-4931-B34C-4FC3CD859CB5}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{77D16676-E000-4D16-A9F4-BB8C61830944}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{7838D2B2-E90F-422A-ADAA-81EBD4D00C1A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{79BD4546-7D36-4903-A26C-D2204B0D390A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{7ABCC9F9-2F6B-4918-8204-E97460968C56}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{7BBD256A-FA44-43CB-9DF9-6A204BB8B24E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{7D58DD5A-DA80-4FB9-B12E-EB6F8378CC67}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{7EB6CE0F-DBC1-4778-B3AB-AF48C686CD25}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{817267CF-B705-4994-BE71-7DDAD6B6AD1E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{82ACA0CE-A947-4CB1-8625-AACEF143C38F}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{82AF0E61-AA72-4526-B138-CCE3DD941432}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{834E5D43-9F68-48B7-926E-7FCA3B60E0AD}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{841479A2-7C76-4A85-BE93-0319332DBB81}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{856C55F8-726B-4F80-8F0A-17994A4DEF14}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{85C46FE8-94E6-4E1F-ABB4-069EF31DD8E1}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{8A297479-D3C6-4BD3-810A-0138B3E06D5F}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{8E2DA674-C556-4094-BDC6-6BD1A4BE6F73}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{8E5A2061-E4D8-4AE7-AB4F-E2A069BE5635}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{91253314-EAB4-44B1-9B72-7E75DD88E88B}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{94830E30-7BD3-4FF4-8DA7-E757991F6600}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{96F3253B-9376-4580-AE60-8A4EFC9C6C66}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{9750ED86-A445-462C-AE8C-1A61921AB2B1}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{9903C66E-5580-46C9-B95D-E6C0D6EC0BBC}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{99B0FCC9-5BE3-4E6F-B726-DC0B7F1B1574}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{99F21B85-0F25-4FC3-A3EB-19688FA50CD9}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{9BAC00AD-3CBC-46E6-84D1-AFB3076A39B9}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{9D0DB4D5-0EB3-465A-894F-5AE10C47A1BD}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{9EFE5E8D-5809-410B-8FFB-7A6F03E609D1}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{A278578C-1258-4EAC-9C55-92BBA6AAD8B7}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{A4BCE91C-F8A2-45ED-A19D-5C4F8DCA1EE9}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{A66CF8CA-D4F6-4E04-A75E-974D9F3699A9}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{A80B4C8D-0B47-4471-8562-0293A712EEFE}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{A8E8FD95-4976-4021-B082-534366E0197D}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{A9507515-C7A9-4246-9641-BA3D05EFE32E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AA38524D-9EFD-415A-9F10-5640114BEC85}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AA79A6B1-82B7-4212-AF33-E36274B154E5}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AA864F55-61B5-440B-A3B3-27CDEDE6760A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AA8912C2-651A-42E0-8FF5-80E8FBDAF68A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AB25F942-DAA4-4FFF-95C9-497E84696D23}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AC50C1A7-D46D-46E3-8D91-B4A7675CDC6B}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AC9F1FCC-8B68-4756-BF7E-3F072557F6F5}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AD48DAE6-E263-4843-88FD-1CC89C646CC4}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AF6B88F8-DC40-4CB9-8A8F-41AE419B009F}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{AFF6CD8C-F09E-4523-8268-05376012C302}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B07C15C3-B7A7-4F17-9912-477571B926A6}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B10DE9A9-291E-4A71-B0BD-1D8BA0E1B641}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B1F37227-E5FC-4077-BC17-E646DBDC10F2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B340EB7A-5D82-4B12-927C-855FD9EC470C}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B4246031-7CDC-443C-8246-5428C5775375}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B46AEFE9-5C82-4AAF-9C4F-F9CE9305756E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B81E233A-846B-41A0-9CD0-A854F0FDCC17}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B8862C51-57AD-459A-A87D-D66938145715}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B9039014-6F47-4534-B9F0-7D71C6551432}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{B9F74A87-B7EC-4FF1-B02E-D1EC940147C5}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{BB49AFB6-353E-4E65-9B0C-9725E39B914B}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{BB7915F3-EF43-4A59-89AA-4599B2C617EA}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{BBDCC2F2-A016-407D-B503-E2D32038720E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{BE432478-AD97-4DB5-ADBD-251D912019F7}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{BF68B3DE-48EC-4FC9-B789-31E83967CD7F}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{C11D1046-46B7-4DF9-A8D7-19E1D3411FE6}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{C24CA213-3EF1-44E8-9D2F-85618034F98B}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{C2912E53-DBC8-4457-B15E-AB1AA3E5AB5E}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{C2D44307-FF5F-40A3-AC27-5A4E26AAD178}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{C4CE6C66-DD04-4674-BE17-B64E7B6FBF41}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{C70908B8-3FBA-4971-AE7B-E82E04777C85}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{C78EABFF-CCDA-4C42-8AED-D534AE122471}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{CBA9B3AE-D4AC-4FC1-8DD1-6E0E927D9060}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{CC0B98BD-3E93-4AB9-8E66-23DF8D2C9D15}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{CC292CBC-A1ED-4B85-A9EC-08A21DD1CCCA}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{CDDFA5E7-C29C-458E-816A-25D88EABF31D}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{CE0D7843-CB24-4442-BF67-8BD4DD1F4411}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{CF5A1BA6-D78E-40B1-8899-5A7F39B7AA2A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{CFD69F6E-8648-4FC6-BD6B-963C79FB64ED}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{D4CBCFC8-4EFF-49C9-8CF8-BE48BB1E5BC2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{D552B9CF-DCCF-433F-A195-A33A8A061992}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{D5C3F1F1-8DEE-4137-A11E-0C7E4BC046A2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{D9D01A29-85EB-4ED1-B1FD-13463C334A85}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{DD8C0272-6354-408B-9DD5-35A04A3DE3F3}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{DE433FEF-91FA-4750-B575-194EBF1298E9}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{DE760835-7254-4941-8880-8765F2658321}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E165557A-F6AE-4B30-BC3C-B1ADD848C447}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E1BFB421-6E2A-4158-B1AC-238FD7E15C49}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E20127FB-1DCD-4360-B34A-7CED950EF30A}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E23825EB-6E84-4871-B65E-9D5DD5D077AC}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E44B4A3D-81DB-4AA2-86A9-3D18F2FCDCB2}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E64CD94F-3170-4146-990B-9841CB7CE755}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E69E51DD-5308-4FC2-B19B-A5A4DDA87D23}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{E794E3C6-EF02-4A64-B4E4-8A8501AF4E26}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{EA91A62A-FA75-4D03-A6C6-414C93DAEE86}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{ED1172B7-279B-4074-A087-9E02E72A5EB7}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F29E18A1-32C2-4658-B4FA-9EBF321BABE7}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F2B8082A-E4AD-4AB6-8FE3-321EDB9E1C54}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F47035D3-CC2B-4AEA-8C38-A395FF5FD03C}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F56A07F7-BD18-44FF-B3A6-E1F54C019221}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F5A87919-E10F-41C5-B450-98C4FEC8B1C7}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F765F2C4-75C5-461E-8B01-450010D6B0DF}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F893A30E-5DBF-4AEB-BF22-75CFB6B75EAA}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{F9C3A4B5-9AFD-4E35-BBD0-98526E6332E9}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{FA0DF5DA-2579-4640-80BB-E837D68C6C50}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{FAAADF77-48AC-429C-BB3C-CFB1852CC9FD}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{FD263421-FA99-42B1-81DC-C9E5104F9DC4}
Successfully deleted: [Empty Folder] C:\Users\hp owner\appdata\local\{FDB763D5-9015-4FA9-A36B-2866BA1F19FE}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/05/2013 at 12:34:45.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by hp owner at 12:36:47 on 2013-05-30
Microsoft Windows 7 Home Premium   6.1.7601.1.949.82.1033.18.5611.4117 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NAT Service\natsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mWinlogon: Userinit = userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: ³×AI¹o Aø¹U μμ¿i¹I: {67C41E9E-2EBF-4F2B-AF74-314F0D793172} -
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
uRun: [SMemo Start] "C:\SMYSoft\SMemo\SMemo.exe" /login
uRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HOfficeViewerUpdate] C:\Program Files (x86)\HNC\HOfficeViewer80\HncUtils\HncViewerChecker.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {5B4E41CE-D17D-4672-84E9-7BD1BD7A26E8} - hxxp://www.sfu.ca/networkservices/xpressconnect/tools/xc_loader_activex.ocx
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://sps.lottecard.co.kr/TouchEnKey/TouchEnkey31010_32k.cab
DPF: {6E797B02-AB4D-4486-8894-FAF2CDEDBDF8} - hxxp://www.tdisk.co.kr/mmsv/TdiskControl.CAB
DPF: {7230A75F-F08D-4C91-858D-B61AB73E4A62} - hxxp://222.122.79.166:8101/cab001/WebSchoolPlayer1194.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://sps.lottecard.co.kr/XecureObject/XecureWeb/v7.2.5.8/xw_install.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://mail.naver.com/activex/NaverAXGuide.cab
DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} - hxxps://www.isaackorea.net/update/ansim/ilkactx.cab
TCP: NameServer = 64.59.144.93 64.59.150.139
TCP: Interfaces\{54464D56-15BF-4622-A739-B4BC2242B70B} : DHCPNameServer = 64.59.144.93 64.59.150.139
TCP: Interfaces\{54464D56-15BF-4622-A739-B4BC2242B70B}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
TCP: Interfaces\{54464D56-15BF-4622-A739-B4BC2242B70B}\9757A696E603833313 : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{54464D56-15BF-4622-A739-B4BC2242B70B}\C696E6B6379737 : DHCPNameServer = 64.59.144.93 64.59.150.139
TCP: Interfaces\{EBDDB92F-DA39-4C89-85A5-791E97278C08} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://yescardacs.keb.co.kr/npkcx/CKKeyPro3023_64k.cab
x64-DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://yescardacs.keb.co.kr/XecureObject/xw_install.cab
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-17 40064]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-5-23 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-5-23 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-5-15 1390680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-5-23 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130529.001\IDSviA64.sys [2013-5-29 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-5-23 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-5-23 405624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-1 2451456]
R2 NATService;NATService;C:\Program Files (x86)\NAT Service\natsvc.exe [2013-1-9 655960]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-5-23 138272]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-6-9 11839488]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-13 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-5-23 138912]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-11-1 339600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-9 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2011-10-13 133160]
S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2011-10-13 620584]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2011-10-13 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-13 39976]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2012-7-5 141848]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 NPIDS;NPIDS;C:\Windows\System32\NPIdsVt64.sys [2012-7-5 88384]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-30 19:19:05 -------- d-----w- C:\Windows\ERUNT
2013-05-30 19:18:34 -------- d-----w- C:\JRT
2013-05-23 17:10:02 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys
2013-05-23 17:10:02 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys
2013-05-23 17:10:01 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\srtsp64.sys
2013-05-23 17:10:01 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys
2013-05-23 17:10:01 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\srtspx64.sys
2013-05-23 17:10:01 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys
2013-05-23 17:10:01 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys
2013-05-23 17:09:49 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309010.00E
2013-05-23 07:23:04 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-05-23 07:23:04 -------- d-----w- C:\Program Files\Symantec
2013-05-23 07:23:04 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-05-23 07:22:09 -------- d-----w- C:\Windows\System32\drivers\NISx64
2013-05-23 07:22:05 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2013-05-23 07:21:56 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-05-15 10:04:30 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-15 10:04:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 10:02:00 182896 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-05-15 10:02:00 149632 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-05-15 05:57:24 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
==================== Find3M  ====================
.
2013-05-16 06:53:41 19888 ----a-w- C:\Windows\System32\JRSUKD25.SYS
2013-05-16 06:53:41 141848 ----a-w- C:\Windows\System32\kcrtx64.sys
2013-05-15 08:34:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 08:34:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 12:38:08.09 ===============
----------------------------------------------------------------------------------------------------------------------------

I tried to run SecurityCheck, but it stopped with this message:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

#6 areu3 (Topic Starter)

Posted 30 May 2013 - 04:41 PM

Please destroy the backdoor for me. Thanks in advance.

Besides doing what you told me to do, I typed netstat -ano at cmd again yesterday. In the result of the netstat command, I found one established PID that disappeared from the process list in Task Manager as soon as I ran netstat -ano, so the unknown established PID from the netstat result was not on the process list anymore. I guess the hacker just hid it as soon as he found me typing the command in cmd. So I tracked the foreign IP address of that established TCP connection with the unknown PID; it turned out it was located in the USA and Korea. Can that be evidence that this trojan or backdoor is shared by two people (one in the USA, another in Korea)?
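The `netstat -ano` cross-check described in the post above, written out as an added example (it is not code from this thread or from any of the tools discussed in it). The script parses the text output of `netstat -ano` and `tasklist /fo csv /nh`, keeps only ESTABLISHED TCP connections, joins each one to its owning process by PID, and flags two things: a PID that does not appear in the process snapshot, and a peer that is an Internet-routable address. Both snapshots are taken back to back in `snapshot_live()`, which narrows the window in which a process can exit between the two commands (the usual reason a PID seen by netstat is gone from Task Manager a moment later). The two sample outputs embedded below are constructed for the example; the PIDs, process names and addresses are made up, and PID 6120 is deliberately left out of the process list to show the flag. The helper `snapshot_live()` and the exact column layout of the two commands are assumptions based on the Windows 7 era output formats.

```python
"""Cross-check ESTABLISHED TCP connections (netstat -ano) against the process
list (tasklist /fo csv /nh), as the post above does by hand.

Added example for this thread, not code from the original page.  The sample
outputs below are constructed; PIDs, names and addresses are made up.
"""
import csv
import io
import ipaddress
import subprocess
import sys

# Constructed `netstat -ano` output (not captured from the poster's machine).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49321     8.8.8.8:443            ESTABLISHED     2540
  TCP    192.168.1.10:49330     1.1.1.1:8101           ESTABLISHED     6120
  TCP    127.0.0.1:49155        127.0.0.1:49156        ESTABLISHED     1904
  TCP    [::1]:49200            [::1]:49201            ESTABLISHED     1904
  UDP    0.0.0.0:5353           *:*                                    3016
"""

# Constructed `tasklist /fo csv /nh` output; PID 6120 is deliberately absent.
SAMPLE_TASKLIST = """\
"System Idle Process","0","Services","0","24 K"
"svchost.exe","812","Services","0","9,120 K"
"iexplore.exe","2540","Console","1","88,300 K"
"vmware-hostd.exe","1904","Services","0","41,020 K"
"""


def parse_netstat(text):
    """Return the TCP rows as dicts with local, remote, state and pid."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have exactly five columns; UDP rows have no State column.
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            rows.append({"local": parts[1], "remote": parts[2],
                         "state": parts[3], "pid": int(parts[4])})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from the CSV form of tasklist."""
    procs = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            procs[int(row[1])] = row[0]
    return procs


def split_endpoint(endpoint):
    """'192.168.1.10:49321' -> ('192.168.1.10', 49321); also handles '[::1]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def is_public(host):
    """True for an Internet-routable address (not private, loopback, link-local...)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_unspecified or ip.is_reserved)


def correlate(netstat_text, tasklist_text):
    """Join established connections to their owning process and flag them.

    'pid-not-in-tasklist': the PID is missing from the process snapshot
    (the process exited between the two commands, or is being hidden).
    'public-remote': the peer is an Internet-routable address.
    """
    procs = parse_tasklist(tasklist_text)
    findings = []
    for conn in parse_netstat(netstat_text):
        if conn["state"] != "ESTABLISHED":
            continue
        rhost, rport = split_endpoint(conn["remote"])
        flags = []
        if conn["pid"] not in procs:
            flags.append("pid-not-in-tasklist")
        if is_public(rhost):
            flags.append("public-remote")
        findings.append({"pid": conn["pid"],
                         "image": procs.get(conn["pid"], "<unknown>"),
                         "remote": (rhost, rport), "flags": flags})
    return findings


def snapshot_live():
    """Run both commands back to back on a Windows host (assumed command lines)."""
    net = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    tl = subprocess.run(["tasklist", "/fo", "csv", "/nh"], capture_output=True, text=True).stdout
    return net, tl


def main():
    net, tl = snapshot_live() if sys.platform == "win32" else (SAMPLE_NETSTAT, SAMPLE_TASKLIST)
    for f in correlate(net, tl):
        mark = "  <-- check" if f["flags"] else ""
        print(f"pid {f['pid']:>6} {f['image']:<24} -> {f['remote'][0]}:{f['remote'][1]}"
              f"  {','.join(f['flags'])}{mark}")


if __name__ == "__main__":
    main()
```

Run it from an elevated prompt on the Windows host to use live snapshots; anywhere else it runs on the constructed samples. A `pid-not-in-tasklist` hit means "look again", not "rootkit": the process may simply have exited. On Windows 7, `netstat -anob` (administrator required) prints the image name next to each connection in one pass, which removes the race between the two commands entirely, and the flagged PID can then be compared against the full path that Task Manager or Process Explorer shows.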

#7 nasdaq (Malware Response Team)

Posted 31 May 2013 - 07:33 AM

Nothing suspicious was found on your logs.

The SecurityCheck tool is ready for Windows 7 and 8.
Please run the .exe file as an Administrator.
Post the log if you can.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double-click the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#8 areu3 (Topic Starter)

Posted 31 May 2013 - 05:16 PM

For SecurityCheck, it still shows UNSUPPORTED OPERATING SYSTEM! ABORTED! even when I ran it as administrator.

For ESET OnlineScan, I found 6 threats whose names start with WIN32.xxxx, but I couldn't export the file due to an error right after completing the scan.

Are those kinds of viruses whose names begin with WIN32 backdoors or trojans?


Edited by areu3, 31 May 2013 - 06:42 PM.


#9 nasdaq (Malware Response Team)

Posted 01 June 2013 - 07:46 AM

I found 6 threats whose names start with WIN32.xxxx, but I couldn't export the file due to an error right after completing the scan.
Are those kinds of viruses whose names begin with WIN32 backdoors or trojans?

Need the complete and exact name to check further.
Can you post one or two with the complete PATH where they are located?

===

Let's see what this may find.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.


#10 areu3 (Topic Starter)

Posted 01 June 2013 - 11:03 AM

Is there any log file automatically saved from ESET OnlineScan?

I found dozens of them at the first try, but an error occurred so I can't show you what those were.

Anyway, here is the log file for RogueKiller:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : hp owner [Admin rights]
Mode : Remove -- Date : 06/01/2013 08:56:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] 70ef81d5f7793dd7a70bf64cebf0e59f
[BSP] 43c333498b6b72241df419e9a4ff7f2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 695520 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1424834560 | Size: 15621 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1456826368 | Size: 4062 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6188a850254829a0a14f459105056671
[BSP] 43c333498b6b72241df419e9a4ff7f2d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 20000 Mo

Finished : << RKreport[2]_D_06012013_02d0856.txt >>
RKreport[1]_S_06012013_02d0848.txt ; RKreport[2]_D_06012013_02d0856.txt

#11 nasdaq (Malware Response Team)

Posted 01 June 2013 - 12:45 PM

Let's check your BIOS.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters.
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • When it finishes, you will either see a report that no threats were found:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • Or, if any infection or suspected items are found, you will see a window listing them:
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and the date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.


#12 areu3 (Topic Starter)

Posted 01 June 2013 - 03:33 PM

13:20:34.0151 5316  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:20:35.0009 5316  ============================================================
13:20:35.0009 5316  Current date / time: 2013/06/01 13:20:35.0009
13:20:35.0009 5316  SystemInfo:
13:20:35.0009 5316 
13:20:35.0009 5316  OS Version: 6.1.7601 ServicePack: 1.0
13:20:35.0009 5316  Product type: Workstation
13:20:35.0009 5316  ComputerName: HPOWNER-HP
13:20:35.0009 5316  UserName: hp owner
13:20:35.0009 5316  Windows directory: C:\Windows
13:20:35.0009 5316  System windows directory: C:\Windows
13:20:35.0009 5316  Running under WOW64
13:20:35.0009 5316  Processor architecture: Intel x64
13:20:35.0009 5316  Number of processors: 4
13:20:35.0009 5316  Page size: 0x1000
13:20:35.0009 5316  Boot type: Normal boot
13:20:35.0009 5316  ============================================================
13:20:36.0273 5316  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:20:36.0288 5316  ============================================================
13:20:36.0288 5316  \Device\Harddisk0\DR0:
13:20:36.0288 5316  MBR partitions:
13:20:36.0288 5316  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:20:36.0288 5316  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x54E70000
13:20:36.0288 5316  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54ED4000, BlocksNum 0x1E82800
13:20:36.0288 5316  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x56D56800, BlocksNum 0x7EF6F0
13:20:36.0288 5316  ============================================================
13:20:36.0335 5316  C: <-> \Device\Harddisk0\DR0\Partition2
13:20:36.0382 5316  D: <-> \Device\Harddisk0\DR0\Partition3
13:20:36.0398 5316  E: <-> \Device\Harddisk0\DR0\Partition4
13:20:36.0398 5316  ============================================================
13:20:36.0398 5316  Initialize success
13:20:36.0398 5316  ============================================================
13:20:46.0725 4676  ============================================================
13:20:46.0725 4676  Scan started
13:20:46.0725 4676  Mode: Manual; SigCheck; TDLFS;
13:20:46.0725 4676  ============================================================
13:20:47.0723 4676  ================ Scan system memory ========================
13:20:47.0723 4676  System memory - ok
13:20:47.0723 4676  ================ Scan services =============================
13:20:47.0973 4676  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:20:48.0176 4676  1394ohci - ok
13:20:48.0222 4676  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:20:48.0254 4676  ACPI - ok
13:20:48.0300 4676  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:20:48.0394 4676  AcpiPmi - ok
13:20:48.0488 4676  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:20:48.0534 4676  AdobeARMservice - ok
13:20:48.0690 4676  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:20:48.0722 4676  AdobeFlashPlayerUpdateSvc - ok
13:20:48.0800 4676  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:20:48.0878 4676  adp94xx - ok
13:20:48.0924 4676  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:20:48.0956 4676  adpahci - ok
13:20:48.0987 4676  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:20:49.0018 4676  adpu320 - ok
13:20:49.0049 4676  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:20:49.0236 4676  AeLookupSvc - ok
13:20:49.0299 4676  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:20:49.0377 4676  AFD - ok
13:20:49.0424 4676  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:20:49.0470 4676  agp440 - ok
13:20:49.0486 4676  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:20:49.0564 4676  ALG - ok
13:20:49.0595 4676  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:20:49.0626 4676  aliide - ok
13:20:49.0876 4676  ALSysIO - ok
13:20:50.0001 4676  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:20:50.0110 4676  AMD External Events Utility - ok
13:20:50.0188 4676  AMD FUEL Service - ok
13:20:50.0250 4676  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:20:50.0282 4676  amdide - ok
13:20:50.0313 4676  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
13:20:50.0344 4676  amdiox64 - ok
13:20:50.0391 4676  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:20:50.0453 4676  AmdK8 - ok
13:20:50.0734 4676  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:20:51.0124 4676  amdkmdag - ok
13:20:51.0202 4676  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:20:51.0264 4676  amdkmdap - ok
13:20:51.0311 4676  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:20:51.0374 4676  AmdPPM - ok
13:20:51.0467 4676  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:20:51.0498 4676  amdsata - ok
13:20:51.0530 4676  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:20:51.0545 4676  amdsbs - ok
13:20:51.0576 4676  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:20:51.0592 4676  amdxata - ok
13:20:51.0623 4676  [ BB4FE7889DB9CBBE61A308E99697F53C ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
13:20:51.0639 4676  amd_sata - ok
13:20:51.0654 4676  [ 5631CBA53F1CBEA3F9E88348E6723391 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
13:20:51.0670 4676  amd_xata - ok
13:20:51.0732 4676  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:20:51.0764 4676  AODDriver4.1 - ok
13:20:51.0810 4676  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:20:51.0998 4676  AppID - ok
13:20:52.0029 4676  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:20:52.0122 4676  AppIDSvc - ok
13:20:52.0200 4676  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
13:20:52.0294 4676  Appinfo - ok
13:20:52.0419 4676  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:20:52.0450 4676  Apple Mobile Device - ok
13:20:52.0497 4676  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
13:20:52.0544 4676  arc - ok
13:20:52.0575 4676  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:20:52.0590 4676  arcsas - ok
13:20:52.0653 4676  aspnet_state - ok
13:20:52.0684 4676  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:20:52.0762 4676  AsyncMac - ok
13:20:52.0809 4676  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:20:52.0824 4676  atapi - ok
13:20:52.0887 4676  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:20:52.0918 4676  AtiHDAudioService - ok
13:20:52.0949 4676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:20:53.0043 4676  AudioEndpointBuilder - ok
13:20:53.0058 4676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:20:53.0121 4676  AudioSrv - ok
13:20:53.0168 4676  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:20:53.0292 4676  AxInstSV - ok
13:20:53.0339 4676  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:20:53.0417 4676  b06bdrv - ok
13:20:53.0464 4676  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:20:53.0526 4676  b57nd60a - ok
13:20:53.0589 4676  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:20:53.0636 4676  BBSvc - ok
13:20:53.0682 4676  [ 7F46A03C1890D47EF594995DD374C637 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
13:20:53.0729 4676  bcbtums - ok
13:20:53.0854 4676  [ 461E574D7967E895640109A371A912A5 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
13:20:53.0994 4676  BCM43XX - ok
13:20:54.0026 4676  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:20:54.0088 4676  BDESVC - ok
13:20:54.0119 4676  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:20:54.0213 4676  Beep - ok
13:20:54.0275 4676  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:20:54.0384 4676  BFE - ok
13:20:54.0618 4676  [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130515.001\BHDrvx64.sys
13:20:54.0681 4676  BHDrvx64 - ok
13:20:54.0728 4676  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:20:54.0821 4676  BITS - ok
13:20:54.0868 4676  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:20:54.0915 4676  blbdrive - ok
13:20:54.0977 4676  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:20:55.0008 4676  Bonjour Service - ok
13:20:55.0040 4676  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:20:55.0102 4676  bowser - ok
13:20:55.0118 4676  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:20:55.0164 4676  BrFiltLo - ok
13:20:55.0196 4676  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:20:55.0227 4676  BrFiltUp - ok
13:20:55.0274 4676  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:20:55.0305 4676  Browser - ok
13:20:55.0320 4676  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:20:55.0414 4676  Brserid - ok
13:20:55.0445 4676  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:20:55.0492 4676  BrSerWdm - ok
13:20:55.0523 4676  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:20:55.0570 4676  BrUsbMdm - ok
13:20:55.0570 4676  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:20:55.0601 4676  BrUsbSer - ok
13:20:55.0679 4676  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
13:20:55.0742 4676  BthEnum - ok
13:20:55.0773 4676  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:20:55.0835 4676  BTHMODEM - ok
13:20:55.0866 4676  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:20:55.0944 4676  BthPan - ok
13:20:55.0991 4676  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:20:56.0054 4676  BTHPORT - ok
13:20:56.0085 4676  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:20:56.0147 4676  bthserv - ok
13:20:56.0194 4676  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:20:56.0241 4676  BTHUSB - ok
13:20:56.0303 4676  [ 0D9F24D24FE52D16F97E758F36FA54BB ] btwampfl        C:\Windows\system32\DRIVERS\btwampfl.sys
13:20:56.0334 4676  btwampfl - ok
13:20:56.0366 4676  [ 1D007889460CEE1BDF1009E054379706 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
13:20:56.0397 4676  btwaudio - ok
13:20:56.0428 4676  [ 3DF5971BE52709618FD3959033E654F7 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
13:20:56.0444 4676  btwavdt - ok
13:20:56.0537 4676  [ EB3C8EB163E437CEAE2B738ED99F35C5 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:20:56.0584 4676  btwdins - ok
13:20:56.0615 4676  [ 41933521A618475644B6E8D8487AF326 ] BTWDPAN         C:\Windows\system32\DRIVERS\btwdpan.sys
13:20:56.0631 4676  BTWDPAN - ok
13:20:56.0646 4676  [ B9354F9F111C64F2495B60F1E24CB453 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
13:20:56.0662 4676  btwl2cap - ok
13:20:56.0709 4676  [ 745D388376D354B806102B78CE1DE611 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
13:20:56.0724 4676  btwrchid - ok
13:20:56.0834 4676  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
13:20:56.0880 4676  ccSet_NIS - ok
13:20:56.0912 4676  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:20:56.0990 4676  cdfs - ok
13:20:57.0068 4676  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:20:57.0146 4676  cdrom - ok
13:20:57.0192 4676  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:20:57.0270 4676  CertPropSvc - ok
13:20:57.0333 4676  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
13:20:57.0380 4676  circlass - ok
13:20:57.0426 4676  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:20:57.0458 4676  CLFS - ok
13:20:57.0489 4676  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:20:57.0536 4676  clr_optimization_v2.0.50727_32 - ok
13:20:57.0598 4676  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:20:57.0629 4676  clr_optimization_v2.0.50727_64 - ok
13:20:57.0707 4676  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:20:57.0738 4676  clr_optimization_v4.0.30319_32 - ok
13:20:57.0816 4676  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:20:57.0832 4676  clr_optimization_v4.0.30319_64 - ok
13:20:57.0863 4676  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
13:20:57.0879 4676  clwvd - ok
13:20:57.0910 4676  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
13:20:57.0957 4676  CmBatt - ok
13:20:57.0988 4676  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:20:58.0004 4676  cmdide - ok
13:20:58.0066 4676  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
13:20:58.0128 4676  CNG - ok
13:20:58.0175 4676  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:20:58.0191 4676  Compbatt - ok
13:20:58.0206 4676  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:20:58.0269 4676  CompositeBus - ok
13:20:58.0300 4676  COMSysApp - ok
13:20:58.0316 4676  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:20:58.0331 4676  crcdisk - ok
13:20:58.0394 4676  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:20:58.0472 4676  CryptSvc - ok
13:20:58.0518 4676  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:20:58.0596 4676  DcomLaunch - ok
13:20:58.0643 4676  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:20:58.0737 4676  defragsvc - ok
13:20:58.0784 4676  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:20:58.0862 4676  DfsC - ok
13:20:58.0924 4676  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:20:59.0002 4676  Dhcp - ok
13:20:59.0033 4676  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:20:59.0111 4676  discache - ok
13:20:59.0158 4676  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
13:20:59.0174 4676  Disk - ok
13:20:59.0220 4676  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:20:59.0252 4676  Dnscache - ok
13:20:59.0283 4676  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:20:59.0376 4676  dot3svc - ok
13:20:59.0408 4676  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:20:59.0486 4676  DPS - ok
13:20:59.0532 4676  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:20:59.0564 4676  drmkaud - ok
13:20:59.0626 4676  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:20:59.0673 4676  DXGKrnl - ok
13:20:59.0720 4676  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:20:59.0798 4676  EapHost - ok
13:20:59.0907 4676  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:21:00.0063 4676  ebdrv - ok
13:21:00.0141 4676  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:21:00.0172 4676  eeCtrl - ok
13:21:00.0203 4676  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:21:00.0281 4676  EFS - ok
13:21:00.0344 4676  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:21:00.0437 4676  ehRecvr - ok
13:21:00.0468 4676  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:21:00.0515 4676  ehSched - ok
13:21:00.0578 4676  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:21:00.0609 4676  elxstor - ok
13:21:00.0702 4676  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:21:00.0718 4676  EraserUtilRebootDrv - ok
13:21:00.0734 4676  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:21:00.0780 4676  ErrDev - ok
13:21:00.0827 4676  EstRtwIFDrvTemp - ok
13:21:00.0890 4676  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:21:00.0968 4676  EventSystem - ok
13:21:00.0999 4676  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:21:01.0061 4676  exfat - ok
13:21:01.0092 4676  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:21:01.0186 4676  fastfat - ok
13:21:01.0248 4676  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:21:01.0326 4676  Fax - ok
13:21:01.0358 4676  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
13:21:01.0404 4676  fdc - ok
13:21:01.0451 4676  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:21:01.0560 4676  fdPHost - ok
13:21:01.0592 4676  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:21:01.0654 4676  FDResPub - ok
13:21:01.0685 4676  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:21:01.0701 4676  FileInfo - ok
13:21:01.0732 4676  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:21:01.0810 4676  Filetrace - ok
13:21:01.0841 4676  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:21:01.0872 4676  flpydisk - ok
13:21:01.0888 4676  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:21:01.0919 4676  FltMgr - ok
13:21:01.0966 4676  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
13:21:02.0060 4676  FontCache - ok
13:21:02.0106 4676  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:21:02.0122 4676  FontCache3.0.0.0 - ok
13:21:02.0138 4676  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:21:02.0169 4676  FsDepends - ok
13:21:02.0216 4676  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:21:02.0231 4676  Fs_Rec - ok
13:21:02.0262 4676  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:21:02.0309 4676  fvevol - ok
13:21:02.0340 4676  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:21:02.0356 4676  gagp30kx - ok
13:21:02.0403 4676  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:21:02.0434 4676  GamesAppService - ok
13:21:02.0496 4676  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:21:02.0512 4676  GEARAspiWDM - ok
13:21:02.0559 4676  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:21:02.0637 4676  gpsvc - ok
13:21:02.0699 4676  [ ADB4348DA1345877B04E22203AFC8993 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
13:21:02.0746 4676  hcmon - ok
13:21:02.0777 4676  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:21:02.0855 4676  hcw85cir - ok
13:21:02.0902 4676  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:21:02.0980 4676  HdAudAddService - ok
13:21:03.0027 4676  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:21:03.0074 4676  HDAudBus - ok
13:21:03.0105 4676  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:21:03.0120 4676  HidBatt - ok
13:21:03.0167 4676  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:21:03.0214 4676  HidBth - ok
13:21:03.0245 4676  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:21:03.0276 4676  HidIr - ok
13:21:03.0292 4676  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:21:03.0386 4676  hidserv - ok
13:21:03.0432 4676  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:21:03.0464 4676  HidUsb - ok
13:21:03.0495 4676  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:21:03.0573 4676  hkmsvc - ok
13:21:03.0604 4676  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:21:03.0682 4676  HomeGroupListener - ok
13:21:03.0713 4676  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:21:03.0760 4676  HomeGroupProvider - ok
13:21:03.0854 4676  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:21:03.0900 4676  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
13:21:03.0900 4676  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
13:21:03.0963 4676  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
13:21:03.0994 4676  HPClientSvc - ok
13:21:04.0088 4676  [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:21:04.0119 4676  HPDrvMntSvc.exe - ok
13:21:04.0150 4676  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:21:04.0197 4676  hpqwmiex - ok
13:21:04.0228 4676  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:21:04.0244 4676  HpSAMD - ok
13:21:04.0290 4676  [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
13:21:04.0306 4676  HPWMISVC - ok
13:21:04.0337 4676  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:21:04.0431 4676  HTTP - ok
13:21:04.0478 4676  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:21:04.0493 4676  hwpolicy - ok
13:21:04.0524 4676  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:21:04.0556 4676  i8042prt - ok
13:21:04.0571 4676  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:21:04.0602 4676  iaStorV - ok
13:21:04.0727 4676  [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
13:21:04.0821 4676  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
13:21:04.0821 4676  IconMan_R - detected UnsignedFile.Multi.Generic (1)
13:21:04.0883 4676  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:21:04.0961 4676  idsvc - ok
13:21:05.0086 4676  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130531.001\IDSvia64.sys
13:21:05.0133 4676  IDSVia64 - ok
13:21:05.0180 4676  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:21:05.0195 4676  iirsp - ok
13:21:05.0242 4676  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:21:05.0351 4676  IKEEXT - ok
13:21:05.0382 4676  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:21:05.0398 4676  intelide - ok
13:21:05.0429 4676  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
13:21:05.0476 4676  intelppm - ok
13:21:05.0507 4676  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:21:05.0601 4676  IPBusEnum - ok
13:21:05.0632 4676  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:05.0694 4676  IpFilterDriver - ok
13:21:05.0772 4676  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:21:05.0866 4676  iphlpsvc - ok
13:21:05.0897 4676  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:21:05.0960 4676  IPMIDRV - ok
13:21:05.0991 4676  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:21:06.0084 4676  IPNAT - ok
13:21:06.0162 4676  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:21:06.0209 4676  iPod Service - ok
13:21:06.0225 4676  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:21:06.0287 4676  IRENUM - ok
13:21:06.0303 4676  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:21:06.0334 4676  isapnp - ok
13:21:06.0350 4676  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:21:06.0396 4676  iScsiPrt - ok
13:21:06.0412 4676  JRSKD24 - ok
13:21:06.0443 4676  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:21:06.0474 4676  kbdclass - ok
13:21:06.0490 4676  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:21:06.0537 4676  kbdhid - ok
13:21:06.0584 4676  [ B2023B8C0ACA7A4FF75A69E877DFB2D4 ] kcrtx64         C:\Windows\system32\kcrtx64.sys
13:21:06.0615 4676  kcrtx64 - ok
13:21:06.0630 4676  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:21:06.0662 4676  KeyIso - ok
13:21:06.0693 4676  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:21:06.0755 4676  KSecDD - ok
13:21:06.0771 4676  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:21:06.0802 4676  KSecPkg - ok
13:21:06.0833 4676  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:21:06.0911 4676  ksthunk - ok
13:21:06.0942 4676  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:21:07.0036 4676  KtmRm - ok
13:21:07.0098 4676  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:21:07.0192 4676  LanmanServer - ok
13:21:07.0239 4676  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:21:07.0301 4676  LanmanWorkstation - ok
13:21:07.0348 4676  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:21:07.0426 4676  lltdio - ok
13:21:07.0457 4676  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:21:07.0551 4676  lltdsvc - ok
13:21:07.0582 4676  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:21:07.0644 4676  lmhosts - ok
13:21:07.0691 4676  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:21:07.0722 4676  LSI_FC - ok
13:21:07.0738 4676  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:21:07.0769 4676  LSI_SAS - ok
13:21:07.0785 4676  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:21:07.0816 4676  LSI_SAS2 - ok
13:21:07.0847 4676  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:21:07.0863 4676  LSI_SCSI - ok
13:21:07.0910 4676  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:21:07.0988 4676  luafv - ok
13:21:08.0034 4676  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:21:08.0081 4676  Mcx2Svc - ok
13:21:08.0112 4676  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:21:08.0128 4676  megasas - ok
13:21:08.0159 4676  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:21:08.0190 4676  MegaSR - ok
13:21:08.0331 4676  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:21:08.0362 4676  Microsoft Office Groove Audit Service - ok
13:21:08.0393 4676  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:21:08.0487 4676  MMCSS - ok
13:21:08.0518 4676  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:21:08.0596 4676  Modem - ok
13:21:08.0627 4676  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:21:08.0674 4676  monitor - ok
13:21:08.0721 4676  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:21:32.0667 4676  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:21:32.0729 4676  WfpLwf - ok
13:21:32.0760 4676  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:21:32.0792 4676  WIMMount - ok
13:21:32.0807 4676  WinDefend - ok
13:21:32.0823 4676  WinHttpAutoProxySvc - ok
13:21:32.0870 4676  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:21:32.0948 4676  Winmgmt - ok
13:21:33.0010 4676  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:21:33.0119 4676  WinRM - ok
13:21:33.0182 4676  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:21:33.0213 4676  WinUsb - ok
13:21:33.0244 4676  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:21:33.0322 4676  Wlansvc - ok
13:21:33.0384 4676  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:21:33.0416 4676  wlcrasvc - ok
13:21:33.0540 4676  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:21:33.0634 4676  wlidsvc - ok
13:21:33.0650 4676  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:21:33.0696 4676  WmiAcpi - ok
13:21:33.0743 4676  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:21:33.0790 4676  wmiApSrv - ok
13:21:33.0852 4676  WMPNetworkSvc - ok
13:21:33.0868 4676  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:21:33.0899 4676  WPCSvc - ok
13:21:33.0930 4676  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:21:33.0946 4676  WPDBusEnum - ok
13:21:33.0993 4676  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:21:34.0071 4676  ws2ifsl - ok
13:21:34.0102 4676  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:21:34.0164 4676  wscsvc - ok
13:21:34.0164 4676  WSearch - ok
13:21:34.0274 4676  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:21:34.0367 4676  wuauserv - ok
13:21:34.0414 4676  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:21:34.0508 4676  WudfPf - ok
13:21:34.0539 4676  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:34.0554 4676  WUDFRd - ok
13:21:34.0617 4676  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:21:34.0679 4676  wudfsvc - ok
13:21:34.0726 4676  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:21:34.0804 4676  WwanSvc - ok
13:21:34.0851 4676  ================ Scan global ===============================
13:21:34.0866 4676  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:21:34.0944 4676  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:21:34.0960 4676  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:21:34.0991 4676  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:21:35.0007 4676  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:21:35.0022 4676  [Global] - ok
13:21:35.0022 4676  ================ Scan MBR ==================================
13:21:35.0038 4676  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:21:35.0444 4676  \Device\Harddisk0\DR0 - ok
13:21:35.0444 4676  ================ Scan VBR ==================================
13:21:35.0459 4676  [ 0B8F1FAADCB124DE71E05F8A3503A735 ] \Device\Harddisk0\DR0\Partition1
13:21:35.0459 4676  \Device\Harddisk0\DR0\Partition1 - ok
13:21:35.0475 4676  [ 22490A472AE08DFDF8B875F56156139F ] \Device\Harddisk0\DR0\Partition2
13:21:35.0490 4676  \Device\Harddisk0\DR0\Partition2 - ok
13:21:35.0506 4676  [ 020FBB5D0671507EB9F3382C4F525492 ] \Device\Harddisk0\DR0\Partition3
13:21:35.0522 4676  \Device\Harddisk0\DR0\Partition3 - ok
13:21:35.0537 4676  [ 32CF4E94B79AB30A473427BEDB6F5142 ] \Device\Harddisk0\DR0\Partition4
13:21:35.0537 4676  \Device\Harddisk0\DR0\Partition4 - ok
13:21:35.0537 4676  ============================================================
13:21:35.0537 4676  Scan finished
13:21:35.0537 4676  ============================================================
13:21:35.0553 2600  Detected object count: 4
13:21:35.0553 2600  Actual detected object count: 4
13:31:01.0085 2600  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:01.0085 2600  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:01.0085 2600  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:01.0085 2600  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:01.0085 2600  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:01.0085 2600  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:01.0085 2600  VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:01.0085 2600  VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:31:28.0104 7072  Deinitialize success

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:15 PM

Posted 02 June 2013 - 07:40 AM

That looks good.

Try this online scan http://housecall.trendmicro.com/ from TrendMicro.

#14 areu3

areu3
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:15 PM

Posted 02 June 2013 - 12:05 PM

Thanks. Okay. Do I need to sign up for this online scan?

I don't mind signing up, but I'm just making sure I'm clicking the right one.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:15 PM

Posted 02 June 2013 - 12:45 PM

You have to register it the first time you use it.
