
Random Audio playing in background


30 replies to this topic

#1 vjmure


Posted 02 January 2014 - 07:16 PM

It started a month or two ago; my son had some random sound playing in the background; that went away after a restart. On occasion, I'd get the same thing where ads / audio from a video would continue after IE has closed; that would go away when stopping any remaining "iexplorer.exe" from the services in task manager. Now it is happening far more often, even after a fresh start.

I also see under audio mixer, an "application" called "name not available". I was suspicious it was a virus or malware, so I ran both Norton (360 installed) and a fresh download of "Malwarebytes". Malwarebytes found, and removed, something. Norton found nothing. The problem persists.

My machine is an HP G72 Notebook, 2.00GHz, P6100, 4GB RAM, and is running Windows 7 Home Premium.

 

Any help is appreciated!

 

 




 


#2 Broni


Posted 02 January 2014 - 08:36 PM

Welcome aboard.

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 vjmure


Posted 02 January 2014 - 08:47 PM

Thanks for the follow up. I have a question on the first step surrounding "SecurityCheck.exe". When I save, Norton scans it, says it's not safe, then deletes it. Is that an issue? Should I disable Norton for that, or any step?

 

Thanks,

 

V



#4 Broni


Posted 02 January 2014 - 08:50 PM

It's safe. Disable Norton momentarily.




 


#5 vjmure


Posted 02 January 2014 - 09:15 PM

Twice while running "SecurityCheck.exe", it would start and run, and when the box said "Performing System Health Check" I got a message box saying on the top "You are about to be logged off" and in the box said "Windows must now restart because the DCOM Launcher ended unexpectedly". Second time it said "Plug and Play Service ended unexpectedly". At that point the PC would reboot.

I did go ahead and run FSS (then thought maybe I should just stop). But here are the FSS results.

 

I'll wait before proceeding with the rest.

 

Farbar Service Scanner Version: 05-12-2013
Ran by vjmure (administrator) on 02-01-2014 at 21:12:24
Running from "C:\Users\vjmure\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-25 20:21] - [2013-01-04 00:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 43DFB333BCAA083F047677B2850C9B2C

 

**** End of log ****


Edited by vjmure, 02 January 2014 - 09:15 PM.


#6 vjmure


Posted 02 January 2014 - 09:43 PM

Maybe 3rd time is the charm. After the errors above, I took a shot and the "SecurityCheck" completed. Here are the results:

 

 Results of screen317's Security Check version 0.99.78 
 Windows 7  x64 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 25 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#7 vjmure


Posted 02 January 2014 - 09:47 PM

Minitoolbox results:

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by vjmure (administrator) on 02-01-2014 at 21:44:18
Running from "C:\Users\vjmure\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Ralink RT3090 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MobileCave
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Ralink RT3090 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 70-F3-95-72-A5-F8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::69c2:5c87:f361:7d9a%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 02, 2014 9:07:26 PM
   Lease Expires . . . . . . . . . . : Friday, January 03, 2014 9:07:26 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 225506197
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-14-73-8C-90-FB-A6-A7-49-CC
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B3BBA4BE-1B4F-473C-B62D-A8084DCD969E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:38be:230:3f57:fef9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38be:230:3f57:fef9%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:803::1004
   173.194.43.34
   173.194.43.40
   173.194.43.41
   173.194.43.33
   173.194.43.39
   173.194.43.38
   173.194.43.35
   173.194.43.37
   173.194.43.46
   173.194.43.32
   173.194.43.36

Pinging google.com [173.194.43.37] with 32 bytes of data:
Reply from 173.194.43.37: bytes=32 time=24ms TTL=54
Reply from 173.194.43.37: bytes=32 time=20ms TTL=54

Ping statistics for 173.194.43.37:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 24ms, Average = 22ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=59ms TTL=49
Reply from 98.139.183.24: bytes=32 time=59ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 59ms, Maximum = 59ms, Average = 59ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...70 f3 95 72 a5 f8 ......Ralink RT3090 802.11b/g/n WiFi Adapter
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    281
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:5ef5:79fd:38be:230:3f57:fef9/128
                                    On-link
 12    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::38be:230:3f57:fef9/128
                                    On-link
 12    281 fe80::69c2:5c87:f361:7d9a/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/02/2014 09:05:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000001022fb5
Faulting process id: 0x2dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 08:52:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000008
Fault offset: 0x00000000000d0108
Faulting process id: 0x2b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 08:09:03 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/02/2014 08:09:03 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/02/2014 04:46:39 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/02/2014 04:46:39 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/02/2014 04:38:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2a4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 04:36:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/02/2014 04:36:08 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/02/2014 04:02:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000001182e8d
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

System errors:
=============
Error: (01/02/2014 09:07:28 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/02/2014 09:07:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%2

Error: (01/02/2014 09:05:37 PM) (Source: Service Control Manager) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/02/2014 09:05:33 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:
%%1190

Error: (01/02/2014 09:05:33 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/02/2014 09:05:33 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/02/2014 08:57:58 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/02/2014 08:57:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (01/02/2014 08:57:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (01/02/2014 08:57:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Microsoft Office Sessions:
=========================
Error: (01/02/2014 09:05:00 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000001022fb52dc01cf0827207eb900C:\Windows\system32\svchost.exeunknown72ed601f-741b-11e3-96a9-97faf49d7e80

Error: (01/02/2014 08:52:37 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.169154ec4b137c000000800000000000d01082b801cf081fb9b75e76C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllb8113663-7419-11e3-86b5-ffe1f294a38f

Error: (01/02/2014 08:09:03 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/02/2014 08:09:03 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (01/02/2014 04:46:39 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/02/2014 04:46:39 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (01/02/2014 04:38:18 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000000000002a401cf0801bbd4fa0aC:\Windows\system32\svchost.exeunknown315a267b-73f6-11e3-96fb-cd77eecebc8b

Error: (01/02/2014 04:36:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/02/2014 04:36:08 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (01/02/2014 04:02:52 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000001182e8d2d401cf07c024f0b737C:\Windows\system32\svchost.exeunknown3de16422-73f1-11e3-9d9c-86f96e190e80

CodeIntegrity Errors:
===================================
  Date: 2013-06-26 07:11:38.072
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-26 07:11:38.025
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
18 Wheels of Steel Extreme Trucker (Version: 2.2.0.95)
Acrobat.com (Version: 1.6.65)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Reader 9.5.5 MUI (Version: 9.5.5)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.2.241.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (Version: 2.2.0.95)
Chicken Invaders 2 - The Next Wave (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CWA Reminder by We-Care.com v4.1.22.3 (Version: 4.1.22.3)
CyberLink DVD Suite (Version: 7.0.3003)
CyberLink MediaShow (Version: 5.0.1616)
CyberLink PowerDVD 9 (Version: 9.0.1.4217)
CyberLink YouCam (Version: 3.0.2511)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
Eighteen Wheels of Steel Haulin' (Version: 2.2.0.95)
Eighteen Wheels of Steel: Extreme Trucker 2 (Version: 3.0.2.32)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
Heavy Weapon (Version: 2.2.0.95)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.0.3)
HP Quick Launch (Version: 2.1.5)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 3.5.23.1)
HP Support Assistant (Version: 5.0.14.2)
HP Wireless Assistant (Version: 4.0.9.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2131)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.2907)
LightScribe System Software (Version: 1.18.15.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 14.0.1468.721)
Norton 360 (Version: 20.4.0.40)
Norton Online Backup (Version: 2.1.17869)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
PowerDirector (Version: 8.0.3003)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (Version: 3.0.41.258)
Ralink RT2860 Wireless LAN Card (Version: 1.5.24.0)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6066)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
Recovery Manager (Version: 5.5.3023)
Roxio CinemaNow 2.0 (Version: 1.0.278)
RtVOsd (Version: 1.0.3)
Skype™ 6.5 (Version: 6.5.158)
Synaptics Pointing Device Driver (Version: 15.0.17.0)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
War Chess (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games (Version: 1.0.4.0)
WildTangent Games App (HP Games) (Version: 4.0.10.16)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 3893.86 MB
Available physical RAM: 1438.07 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 5342.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.76 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:281.7 GB) (Free:211.18 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:16.1 GB) (Free:2.32 GB) NTFS
3 Drive e: (Alpine_05092012) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MOBILECAVE

Administrator            Guest                    Logan                   
vjmure                  

**** End of log ****



#8 vjmure


Posted 02 January 2014 - 10:02 PM

MBAM Results (now restarting):

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
vjmure :: MOBILECAVE [administrator]

1/2/2014 9:50:09 PM
mbam-log-2014-01-02 (21-50-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266799
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\vjmure\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#9 vjmure


Posted 02 January 2014 - 10:20 PM

Malwarebytes Anti-Rootkit:

System-log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.000000 GHz
Memory total: 4083007488, free: 2394185728

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.000000 GHz
Memory total: 4083007488, free: 2281385984

Downloaded database version: v2014.01.02.04
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/02/2014 22:08:08
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80050d7760
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004f50050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80050d7760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80050d71b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80050d7760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004f50050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1D505CB8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 590764032

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 591173632  Numsec = 33755136

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

mbar-log-2014-01-02 (22-08-14)

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.02.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
vjmure :: MOBILECAVE [administrator]

1/2/2014 10:08:14 PM
mbar-log-2014-01-02 (22-08-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 284354
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#10 vjmure


Posted 02 January 2014 - 10:27 PM

Rkill log:

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/02/2014 10:21:18 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * C:\Windows\System32\rpcss.dll : 510,464 : 07/13/2009 08:41 PM : 43dfb333bcaa083f047677b2850c9b2c [NoSig]
 +-> C:\Windows\erdnt\cache64\rpcss.dll : 509,440 : 07/13/2009 08:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 08:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/02/2014 10:25:49 PM
Execution time: 0 hours(s), 4 minute(s), and 31 seconds(s)



#11 Broni


Posted 02 January 2014 - 10:36 PM

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.




 


#12 vjmure


Posted 03 January 2014 - 05:50 AM

TDSSKiller log:

 

05:47:26.0935 8020 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

05:47:28.0937 8020 ============================================================

05:47:28.0937 8020 Current date / time: 2014/01/03 05:47:28.0937

05:47:28.0938 8020 SystemInfo:

05:47:28.0938 8020

05:47:28.0938 8020 OS Version: 6.1.7600 ServicePack: 0.0

05:47:28.0938 8020 Product type: Workstation

05:47:28.0938 8020 ComputerName: MOBILECAVE

05:47:28.0942 8020 UserName: vjmure

05:47:28.0942 8020 Windows directory: C:\Windows

05:47:28.0942 8020 System windows directory: C:\Windows

05:47:28.0942 8020 Running under WOW64

05:47:28.0942 8020 Processor architecture: Intel x64

05:47:28.0942 8020 Number of processors: 2

05:47:28.0942 8020 Page size: 0x1000

05:47:28.0942 8020 Boot type: Normal boot

05:47:28.0942 8020 ============================================================

05:47:29.0860 8020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

05:47:29.0903 8020 ============================================================

05:47:29.0903 8020 \Device\Harddisk0\DR0:

05:47:29.0903 8020 MBR partitions:

05:47:29.0903 8020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

05:47:29.0903 8020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23365800

05:47:29.0903 8020 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x233C9800, BlocksNum 0x2031000

05:47:29.0903 8020 ============================================================

05:47:29.0935 8020 C: <-> \Device\Harddisk0\DR0\Partition2

05:47:30.0060 8020 D: <-> \Device\Harddisk0\DR0\Partition3

05:47:30.0061 8020 ============================================================

05:47:30.0061 8020 Initialize success

05:47:30.0061 8020 ============================================================

05:48:00.0606 7584 ============================================================

05:48:00.0606 7584 Scan started

05:48:00.0606 7584 Mode: Manual;

05:48:00.0606 7584 ============================================================

05:48:04.0316 7584 ================ Scan system memory ========================

05:48:04.0316 7584 System memory - ok

05:48:04.0319 7584 ================ Scan services =============================


05:48:08.0076 7584 Bonjour Service - ok

05:48:08.0128 7584 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

05:48:08.0130 7584 bowser - ok

05:48:08.0174 7584 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

05:48:08.0175 7584 BrFiltLo - ok

05:48:08.0206 7584 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

05:48:08.0207 7584 BrFiltUp - ok

05:48:08.0252 7584 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

05:48:08.0253 7584 BridgeMP - ok

05:48:08.0314 7584 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll

05:48:08.0316 7584 Browser - ok

05:48:08.0362 7584 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

05:48:08.0366 7584 Brserid - ok

05:48:08.0389 7584 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

05:48:08.0391 7584 BrSerWdm - ok

05:48:08.0433 7584 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

05:48:08.0434 7584 BrUsbMdm - ok

05:48:08.0459 7584 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

05:48:08.0460 7584 BrUsbSer - ok

05:48:08.0502 7584 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

05:48:08.0504 7584 BthEnum - ok

05:48:08.0524 7584 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

05:48:08.0525 7584 BTHMODEM - ok

05:48:08.0559 7584 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

05:48:08.0561 7584 BthPan - ok

05:48:08.0610 7584 [ 538392664FEE486620DFEA146F2500BC ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

05:48:08.0619 7584 BTHPORT - ok

05:48:08.0697 7584 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

05:48:08.0699 7584 bthserv - ok

05:48:08.0727 7584 [ 6E71522E317B22257D8E37A1584B5829 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

05:48:08.0729 7584 BTHUSB - ok

05:48:08.0808 7584 [ E588420B950DAC5AC397F76660BCE520 ] BTMCOM C:\Windows\system32\Drivers\btmcom.sys

05:48:08.0809 7584 BTMCOM - ok

05:48:08.0950 7584 [ 4EEF6B894E05FC245640DCEE9190A053 ] BTMUSB C:\Windows\system32\Drivers\btmusb.sys

05:48:08.0997 7584 BTMUSB - ok

05:48:09.0170 7584 [ 56685951208AC81CF923B9B08BEDF3B7 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys

05:48:09.0173 7584 ccSet_N360 - ok

05:48:09.0210 7584 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

05:48:09.0212 7584 cdfs - ok

05:48:09.0260 7584 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

05:48:09.0262 7584 cdrom - ok

05:48:09.0320 7584 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll

05:48:09.0322 7584 CertPropSvc - ok

05:48:09.0415 7584 [ 533328A3D9A9C286682525842547540C ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

05:48:09.0417 7584 CinemaNow Service - ok

05:48:09.0443 7584 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

05:48:09.0445 7584 circlass - ok

05:48:09.0476 7584 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

05:48:09.0487 7584 CLFS - ok

05:48:09.0540 7584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

05:48:09.0542 7584 clr_optimization_v2.0.50727_32 - ok

05:48:09.0600 7584 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

05:48:09.0602 7584 clr_optimization_v2.0.50727_64 - ok

05:48:09.0650 7584 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

05:48:09.0651 7584 CmBatt - ok

05:48:09.0664 7584 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

05:48:09.0666 7584 cmdide - ok

05:48:09.0712 7584 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys

05:48:09.0719 7584 CNG - ok

05:48:09.0767 7584 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

05:48:09.0768 7584 Compbatt - ok

05:48:09.0795 7584 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

05:48:09.0798 7584 CompositeBus - ok

05:48:09.0819 7584 COMSysApp - ok

05:48:09.0847 7584 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

05:48:09.0849 7584 crcdisk - ok

05:48:09.0892 7584 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll

05:48:09.0893 7584 CryptSvc - ok

05:48:09.0972 7584 [ 43DFB333BCAA083F047677B2850C9B2C ] DcomLaunch C:\Windows\system32\rpcss.dll

05:48:09.0977 7584 DcomLaunch - ok

05:48:10.0033 7584 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

05:48:10.0038 7584 defragsvc - ok

05:48:10.0090 7584 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

05:48:10.0092 7584 DfsC - ok

05:48:10.0138 7584 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll

05:48:10.0141 7584 Dhcp - ok

05:48:10.0171 7584 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

05:48:10.0172 7584 discache - ok

05:48:10.0219 7584 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

05:48:10.0223 7584 Disk - ok

05:48:10.0268 7584 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll

05:48:10.0270 7584 Dnscache - ok

05:48:10.0302 7584 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll

05:48:10.0306 7584 dot3svc - ok

05:48:10.0331 7584 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll

05:48:10.0334 7584 DPS - ok

05:48:10.0356 7584 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

05:48:10.0357 7584 drmkaud - ok

05:48:10.0418 7584 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

05:48:10.0430 7584 DXGKrnl - ok

05:48:10.0500 7584 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

05:48:10.0502 7584 EapHost - ok

05:48:10.0578 7584 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

05:48:10.0615 7584 ebdrv - ok

05:48:10.0739 7584 [ 1B7AA375F711F66D5FF2B855F9EC987F ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

05:48:10.0745 7584 eeCtrl - ok

05:48:10.0837 7584 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe

05:48:10.0838 7584 EFS - ok

05:48:10.0919 7584 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe

05:48:10.0962 7584 ehRecvr - ok

05:48:10.0984 7584 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

05:48:10.0986 7584 ehSched - ok

05:48:11.0031 7584 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

05:48:11.0038 7584 elxstor - ok

05:48:11.0114 7584 [ 7230C8B80DDE1F0524C353240B78CC0E ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

05:48:11.0116 7584 EraserUtilRebootDrv - ok

05:48:11.0149 7584 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

05:48:11.0150 7584 ErrDev - ok

05:48:11.0191 7584 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

05:48:11.0211 7584 EventSystem - ok

05:48:11.0246 7584 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

05:48:11.0251 7584 exfat - ok

05:48:11.0311 7584 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

05:48:11.0315 7584 fastfat - ok

05:48:11.0356 7584 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe

05:48:11.0369 7584 Fax - ok

05:48:11.0418 7584 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

05:48:11.0419 7584 fdc - ok

05:48:11.0450 7584 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

05:48:11.0451 7584 fdPHost - ok

05:48:11.0464 7584 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

05:48:11.0466 7584 FDResPub - ok

05:48:11.0479 7584 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

05:48:11.0482 7584 FileInfo - ok

05:48:11.0492 7584 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

05:48:11.0496 7584 Filetrace - ok

05:48:11.0558 7584 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

05:48:11.0566 7584 FLEXnet Licensing Service - ok

05:48:11.0636 7584 [ 52C0312AB35EB7187015FB6A99136BB5 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

05:48:11.0653 7584 FLEXnet Licensing Service 64 - ok

05:48:11.0699 7584 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

05:48:11.0700 7584 flpydisk - ok

05:48:11.0726 7584 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

05:48:11.0730 7584 FltMgr - ok

05:48:11.0808 7584 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll

05:48:11.0824 7584 FontCache - ok

05:48:11.0876 7584 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

05:48:11.0878 7584 FontCache3.0.0.0 - ok

05:48:11.0903 7584 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

05:48:11.0905 7584 FsDepends - ok

05:48:11.0956 7584 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

05:48:11.0958 7584 Fs_Rec - ok

05:48:11.0986 7584 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

05:48:11.0989 7584 fvevol - ok

05:48:12.0013 7584 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

05:48:12.0015 7584 gagp30kx - ok

05:48:12.0154 7584 [ 88656807B4C6886C92FA4E09646070D2 ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

05:48:12.0158 7584 GamesAppIntegrationService - ok

05:48:12.0239 7584 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

05:48:12.0242 7584 GamesAppService - ok

05:48:12.0278 7584 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

05:48:12.0280 7584 GEARAspiWDM - ok

05:48:12.0317 7584 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll

05:48:12.0326 7584 gpsvc - ok

05:48:12.0461 7584 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

05:48:12.0462 7584 gupdate - ok

05:48:12.0491 7584 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

05:48:12.0493 7584 gupdatem - ok

05:48:12.0533 7584 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

05:48:12.0536 7584 gusvc - ok

05:48:12.0580 7584 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

05:48:12.0595 7584 hcw85cir - ok

05:48:12.0650 7584 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

05:48:12.0655 7584 HdAudAddService - ok

05:48:12.0681 7584 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

05:48:12.0685 7584 HDAudBus - ok

05:48:12.0732 7584 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

05:48:12.0733 7584 HECIx64 - ok

05:48:12.0753 7584 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

05:48:12.0754 7584 HidBatt - ok

05:48:12.0783 7584 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

05:48:12.0785 7584 HidBth - ok

05:48:12.0814 7584 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

05:48:12.0818 7584 HidIr - ok

05:48:12.0904 7584 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

05:48:12.0907 7584 hidserv - ok

05:48:12.0947 7584 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

05:48:12.0948 7584 HidUsb - ok

05:48:12.0978 7584 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll

05:48:12.0980 7584 hkmsvc - ok

05:48:13.0012 7584 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

05:48:13.0016 7584 HomeGroupListener - ok

05:48:13.0047 7584 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

05:48:13.0050 7584 HomeGroupProvider - ok

05:48:13.0161 7584 [ 3F4ADD4196E2B860019539837BE305F9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

05:48:13.0163 7584 HP Health Check Service - ok

05:48:13.0280 7584 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

05:48:13.0282 7584 HP Wireless Assistant Service - ok

05:48:13.0333 7584 [ EF3EA06057132138B4E5895A61601DBE ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

05:48:13.0335 7584 hpqwmiex - ok

05:48:13.0395 7584 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

05:48:13.0397 7584 HpSAMD - ok

05:48:13.0527 7584 [ 9DF9CF7840A3A99F2FFD614F0A13F2F9 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

05:48:13.0528 7584 HPWMISVC - ok

05:48:13.0574 7584 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys

05:48:13.0597 7584 HTTP - ok

05:48:13.0610 7584 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

05:48:13.0611 7584 hwpolicy - ok

05:48:13.0659 7584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

05:48:13.0662 7584 i8042prt - ok

05:48:13.0706 7584 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

05:48:13.0712 7584 iaStor - ok

05:48:13.0835 7584 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

05:48:13.0838 7584 IAStorDataMgrSvc - ok

05:48:13.0886 7584 [ 513DC087CFED7D2BB82F005385D3531F ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys

05:48:13.0892 7584 iaStorV - ok

05:48:13.0962 7584 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

05:48:13.0977 7584 idsvc - ok

05:48:14.0113 7584 [ D7CB14B41DA52DF2EC143768E02F0E97 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140102.001\IDSvia64.sys

05:48:14.0119 7584 IDSVia64 - ok

05:48:14.0408 7584 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

05:48:14.0612 7584 igfx - ok

05:48:14.0643 7584 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

05:48:14.0645 7584 iirsp - ok

05:48:14.0689 7584 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

05:48:14.0697 7584 IKEEXT - ok

05:48:14.0875 7584 [ E76FDFFF07F8A2FA81FF250DDA0F6BBA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

05:48:14.0900 7584 IntcAzAudAddService - ok

05:48:15.0047 7584 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

05:48:15.0051 7584 IntcDAud - ok

05:48:15.0088 7584 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

05:48:15.0089 7584 intelide - ok

05:48:15.0199 7584 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

05:48:15.0200 7584 intelppm - ok

05:48:15.0234 7584 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

05:48:15.0237 7584 IPBusEnum - ok

05:48:15.0264 7584 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

05:48:15.0266 7584 IpFilterDriver - ok

05:48:15.0305 7584 [ F8E058D17363EC580E4B7232778B6CB5 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll

05:48:15.0312 7584 IpHlpSvc - ok

05:48:15.0336 7584 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

05:48:15.0338 7584 IPMIDRV - ok

05:48:15.0377 7584 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

05:48:15.0379 7584 IPNAT - ok

05:48:15.0426 7584 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

05:48:15.0431 7584 iPod Service - ok

05:48:15.0464 7584 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

05:48:15.0465 7584 IRENUM - ok

05:48:15.0489 7584 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

05:48:15.0492 7584 isapnp - ok

05:48:15.0520 7584 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

05:48:15.0525 7584 iScsiPrt - ok

05:48:15.0565 7584 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

05:48:15.0566 7584 kbdclass - ok

05:48:15.0592 7584 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

05:48:15.0593 7584 kbdhid - ok

05:48:15.0618 7584 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe

05:48:15.0620 7584 KeyIso - ok

05:48:15.0662 7584 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

05:48:15.0664 7584 KSecDD - ok

05:48:15.0676 7584 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

05:48:15.0679 7584 KSecPkg - ok

05:48:15.0699 7584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

05:48:15.0701 7584 ksthunk - ok

05:48:15.0743 7584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

05:48:15.0749 7584 KtmRm - ok

05:48:15.0816 7584 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll

05:48:15.0821 7584 LanmanServer - ok

05:48:15.0857 7584 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

05:48:15.0860 7584 LanmanWorkstation - ok

05:48:15.0905 7584 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

05:48:15.0906 7584 LightScribeService - ok

05:48:15.0973 7584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

05:48:15.0975 7584 lltdio - ok

05:48:16.0015 7584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

05:48:16.0021 7584 lltdsvc - ok

05:48:16.0036 7584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

05:48:16.0038 7584 lmhosts - ok

05:48:16.0124 7584 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

05:48:16.0126 7584 LMS - ok

05:48:16.0160 7584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

05:48:16.0162 7584 LSI_FC - ok

05:48:16.0193 7584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

05:48:16.0195 7584 LSI_SAS - ok

05:48:16.0241 7584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

05:48:16.0242 7584 LSI_SAS2 - ok

05:48:16.0265 7584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

05:48:16.0267 7584 LSI_SCSI - ok

05:48:16.0293 7584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

05:48:16.0295 7584 luafv - ok

05:48:16.0328 7584 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

05:48:16.0331 7584 Mcx2Svc - ok

05:48:16.0371 7584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

05:48:16.0373 7584 megasas - ok

05:48:16.0390 7584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

05:48:16.0394 7584 MegaSR - ok

05:48:16.0466 7584 Microsoft SharePoint Workspace Audit Service - ok

05:48:16.0524 7584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

05:48:16.0526 7584 MMCSS - ok

05:48:16.0539 7584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

05:48:16.0540 7584 Modem - ok

05:48:16.0565 7584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

05:48:16.0566 7584 monitor - ok

05:48:16.0597 7584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

05:48:16.0598 7584 mouclass - ok

05:48:16.0620 7584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

05:48:16.0671 7584 mouhid - ok

05:48:16.0697 7584 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

05:48:16.0699 7584 mountmgr - ok

05:48:16.0736 7584 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys

05:48:16.0741 7584 mpio - ok

05:48:16.0763 7584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

05:48:16.0765 7584 mpsdrv - ok

05:48:16.0861 7584 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll

05:48:16.0868 7584 MpsSvc - ok

05:48:16.0907 7584 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

05:48:16.0910 7584 MRxDAV - ok

05:48:16.0976 7584 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

05:48:16.0983 7584 mrxsmb - ok

05:48:17.0003 7584 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

05:48:17.0008 7584 mrxsmb10 - ok

05:48:17.0025 7584 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

05:48:17.0027 7584 mrxsmb20 - ok

05:48:17.0057 7584 [ 5E939CF91EA4A841DBAFE4627E0292BB ] msahci C:\Windows\system32\DRIVERS\msahci.sys

05:48:17.0058 7584 msahci - ok

05:48:17.0090 7584 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

05:48:17.0093 7584 msdsm - ok

05:48:17.0112 7584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

05:48:17.0116 7584 MSDTC - ok

05:48:17.0141 7584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

05:48:17.0142 7584 Msfs - ok

05:48:17.0150 7584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

05:48:17.0151 7584 mshidkmdf - ok

05:48:17.0168 7584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

05:48:17.0169 7584 msisadrv - ok

05:48:17.0227 7584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

05:48:17.0231 7584 MSiSCSI - ok

05:48:17.0239 7584 msiserver - ok

05:48:17.0257 7584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

05:48:17.0258 7584 MSKSSRV - ok

05:48:17.0289 7584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

05:48:17.0291 7584 MSPCLOCK - ok

05:48:17.0338 7584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

05:48:17.0339 7584 MSPQM - ok

05:48:17.0365 7584 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

05:48:17.0373 7584 MsRPC - ok

05:48:17.0393 7584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

05:48:17.0394 7584 mssmbios - ok

05:48:17.0418 7584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

05:48:17.0419 7584 MSTEE - ok

05:48:17.0465 7584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

05:48:17.0466 7584 MTConfig - ok

05:48:17.0492 7584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

05:48:17.0493 7584 Mup - ok

05:48:17.0597 7584 [ 1BF9D6476061B31CD7FC2BF848529A56 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

05:48:17.0598 7584 N360 - ok

05:48:17.0632 7584 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll

05:48:17.0641 7584 napagent - ok

05:48:17.0693 7584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

05:48:17.0697 7584 NativeWifiP - ok

05:48:17.0801 7584 [ 702E07EC32F96ACDB873E9A5465D4401 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140102.022\ENG64.SYS

05:48:17.0803 7584 NAVENG - ok

05:48:17.0860 7584 [ 302EA314A1AF0D7CEF0A3D0195F79561 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140102.022\EX64.SYS

05:48:17.0897 7584 NAVEX15 - ok

05:48:17.0952 7584 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys

05:48:17.0964 7584 NDIS - ok

05:48:17.0995 7584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

05:48:17.0996 7584 NdisCap - ok

05:48:18.0042 7584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

05:48:18.0043 7584 NdisTapi - ok

05:48:18.0079 7584 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

05:48:18.0081 7584 Ndisuio - ok

05:48:18.0106 7584 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

05:48:18.0109 7584 NdisWan - ok

05:48:18.0140 7584 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

05:48:18.0142 7584 NDProxy - ok

05:48:18.0159 7584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

05:48:18.0160 7584 NetBIOS - ok

05:48:18.0184 7584 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

05:48:18.0188 7584 NetBT - ok

05:48:18.0202 7584 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe

05:48:18.0206 7584 Netlogon - ok

05:48:18.0246 7584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

05:48:18.0252 7584 Netman - ok

05:48:18.0268 7584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

05:48:18.0276 7584 netprofm - ok

05:48:18.0377 7584 [ 193C58F081747EA752DA6EFF64719BB4 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

05:48:18.0398 7584 netr28x - ok

05:48:18.0436 7584 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

05:48:18.0440 7584 NetTcpPortSharing - ok

05:48:18.0612 7584 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys

05:48:18.0794 7584 netw5v64 - ok

05:48:18.0848 7584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

05:48:18.0850 7584 nfrd960 - ok

05:48:18.0909 7584 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll

05:48:18.0912 7584 NlaSvc - ok

05:48:19.0057 7584 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

05:48:19.0085 7584 NOBU - ok

05:48:19.0110 7584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

05:48:19.0111 7584 Npfs - ok

05:48:30.0616 7584 Scan finished

05:48:30.0616 7584 ============================================================

05:48:30.0634 7236 Detected object count: 0

05:48:30.0634 7236 Actual detected object count: 0



#13 Broni

Posted 03 January 2014 - 06:35 PM

Does the audio play when you're using a certain program?




 


#14 vjmure

Posted 03 January 2014 - 07:10 PM

No. It will launch on startup after a few minutes.

A couple other items. I did a "Netstat" and one of the first IP addresses connected after startup was "5.45.65.190". Also 5.45.64.145 and 5.45.69.131. I did a web search on the first IP address, and found relationships to "Clickfraud"; again without launching any browser or program outside of startup.

Also, I had a rootkit before. With a rootkit / tds killer, doesn't it actually mask what the OS sees? In the past I had to boot to CD rather than OS and then use things like TDS etc.... Not sure, just recalling past scenarios.
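The netstat check described in post #14, as an added example that is not part of the original thread: it parses `netstat -ano` output and groups connections to public addresses by owning PID, so each remote address can be tied to a process. The sample output is constructed; its PIDs, local addresses and ports are assumptions, and only the three remote addresses come from the post.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the thread).
# PIDs, local addresses and ports are invented for illustration; the three
# 5.45.x.x remote addresses are the ones reported in the post.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:49172     5.45.65.190:80         ESTABLISHED     1044
  TCP    192.168.1.20:49173     5.45.64.145:80         ESTABLISHED     1044
  TCP    192.168.1.20:49180     5.45.69.131:80         TIME_WAIT       0
  TCP    192.168.1.20:49190     192.168.1.1:445        ESTABLISHED     4
  TCP    [::1]:49200            [::1]:5354             ESTABLISHED     1720
  UDP    0.0.0.0:5355           *:*                                    1300
"""


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); handles '[v6%zone]:port' and '*:*'."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return host, port


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts  # UDP rows have no State column
            state = ""
        else:
            continue  # unexpected layout, skip rather than guess
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows


def is_public(host):
    """True if host is a globally routable IP (not private, loopback, etc.)."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:  # '*' or anything that is not an IP literal
        return False


def public_remotes_by_pid(rows):
    """Map PID -> list of remote 'host:port' endpoints on public addresses."""
    grouped = defaultdict(list)
    for row in rows:
        host, port = split_endpoint(row["remote"])
        if is_public(host):
            grouped[row["pid"]].append(f"{host}:{port}")
    return dict(grouped)


if __name__ == "__main__":
    for pid, remotes in sorted(public_remotes_by_pid(parse_netstat(SAMPLE)).items()):
        print(f"PID {pid}: {', '.join(remotes)}")
```

On the affected machine, the PID can then be matched to an image name with `tasklist /FI "PID eq <pid>"`; rows in TIME_WAIT are reported under PID 0 because the owning process has already closed the socket.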



#15 Broni

Posted 03 January 2014 - 07:30 PM

It looks like we're dealing here with a brand new type of infection.

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main text field:

    :filefind
    rpcss.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



 




