.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Christopher at 0:30:14 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2460 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://pinterest.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Spotify] "C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{4FED689D-5C51-40CF-8D2E-975D769E3A13} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{4FED689D-5C51-40CF-8D2E-975D769E3A13}\D4A49413 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-11-1 1155704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111104.030\IDSviA64.sys [2011-11-5 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-13 514232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-20 1751656]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-8 136824]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" --> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [?]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe --> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 253600]
S3 hpCMSrv;HP Connection Manager 4.0 Service;"C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-14 04:08:31 20480 ----a-w- C:\Windows\svchost.exe
2012-04-14 02:49:13 108544 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\18BF.tmp.dat
2012-04-14 01:13:18 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6EE35358-54FE-4E77-84A4-1EC9F6EE832E}\mpengine.dll
2012-04-13 02:47:38 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-11 18:25:15 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 18:25:14 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 18:25:14 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 18:25:09 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 18:25:09 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 18:25:09 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 18:25:09 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 05:04:38 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-09 04:51:59 -------- d-----w- C:\Users\Christopher\AppData\Roaming\Malwarebytes
2012-04-09 04:51:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-09 04:51:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-09 04:51:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 00:38:05 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symefa64.sys
2012-04-04 00:38:05 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtsp64.sys
2012-04-04 00:38:05 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symds64.sys
2012-04-04 00:38:05 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtspx64.sys
2012-04-04 00:38:05 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symnets.sys
2012-04-04 00:38:05 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\ironx64.sys
2012-04-04 00:37:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207010.003
.
==================== Find3M ====================
.
2012-04-09 05:04:38 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 0:31:16.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/7/2011 12:06:34 AM
System Uptime: 4/13/2012 11:56:57 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1664
Processor: AMD Phenom II P960 Quad-Core Processor | Socket S1G4 | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 406.764 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.512 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP60: 2/29/2012 6:48:29 AM - Windows Update
RP61: 3/7/2012 7:00:21 PM - Installed Compatibility Pack for the 2007 Office system
RP63: 3/9/2012 6:21:10 AM - Windows Update
RP64: 3/14/2012 3:00:16 AM - Windows Update
RP65: 3/21/2012 7:40:20 PM - Scheduled Checkpoint
RP66: 4/2/2012 7:40:00 AM - Scheduled Checkpoint
RP67: 4/7/2012 2:03:32 PM - Windows Update
RP68: 4/8/2012 4:32:41 AM - Windows Update
RP69: 4/11/2012 12:23:46 PM - Windows Update
RP70: 4/11/2012 12:55:49 PM - Windows Update
RP71: 4/12/2012 6:20:02 AM - Windows Update
RP72: 4/12/2012 12:26:25 PM - Windows Update
RP73: 4/13/2012 6:39:34 AM - Windows Update
RP74: 4/13/2012 11:36:23 PM - Windows Update
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X MUI
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Software Update
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink YouCam
Dropbox
Evernote v. 4.2.2
HP Connection Manager
HP On Screen Display
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
IDT Audio
Java Auto Updater
Java 6 Update 24
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
PDF Settings
PlayReady PC Runtime x86
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype Click to Call
Skype™ 5.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Mesh ActiveX Control for Remote Connections
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 9:12:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
4/9/2012 9:12:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
4/9/2012 9:11:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
4/9/2012 9:11:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
4/9/2012 9:10:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
4/9/2012 9:10:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
4/9/2012 9:09:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
4/9/2012 9:08:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
4/9/2012 9:08:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
4/9/2012 9:07:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
4/9/2012 9:05:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/8/2012 4:27:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 4:27:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/8/2012 4:27:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/8/2012 4:27:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2012 4:24:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
4/8/2012 11:57:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
4/13/2012 12:07:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
4/13/2012 11:59:38 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
4/13/2012 11:57:27 PM, Error: Service Control Manager [7000] - The HPWMISVC service failed to start due to the following error: The system cannot find the file specified.
4/13/2012 11:57:27 PM, Error: Service Control Manager [7000] - The HP Quick Synchronization Service service failed to start due to the following error: The system cannot find the file specified.
4/13/2012 11:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/13/2012 11:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/13/2012 11:38:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/13/2012 11:38:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/13/2012 11:38:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
4/13/2012 11:36:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
4/11/2012 7:49:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
.
==== End Of File ===========================
Please Help!: svchost.exe trojan.agent
Started by ctruong333, Apr 14 2012 01:40 AM
#1
Posted 14 April 2012 - 01:40 AM
#2
Posted 14 April 2012 - 03:36 AM
Hello and 
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan.
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
regards, Elise
If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
#3
Posted 15 April 2012 - 12:51 PM
11:44:34.0079 5140 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:44:34.0625 5140 ============================================================
11:44:34.0625 5140 Current date / time: 2012/04/15 11:44:34.0625
11:44:34.0625 5140 SystemInfo:
11:44:34.0625 5140
11:44:34.0625 5140 OS Version: 6.1.7601 ServicePack: 1.0
11:44:34.0625 5140 Product type: Workstation
11:44:34.0626 5140 ComputerName: CHRISTOPHER-NB
11:44:34.0626 5140 UserName: Christopher
11:44:34.0626 5140 Windows directory: C:\Windows
11:44:34.0626 5140 System windows directory: C:\Windows
11:44:34.0626 5140 Running under WOW64
11:44:34.0626 5140 Processor architecture: Intel x64
11:44:34.0626 5140 Number of processors: 4
11:44:34.0626 5140 Page size: 0x1000
11:44:34.0626 5140 Boot type: Normal boot
11:44:34.0626 5140 ============================================================
11:44:35.0700 5140 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:35.0707 5140 \Device\Harddisk0\DR0:
11:44:35.0707 5140 MBR used
11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x387E9800
11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3884D800, BlocksNum 0x1B04800
11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
11:44:35.0811 5140 Initialize success
11:44:35.0811 5140 ============================================================
11:45:02.0341 5088 ============================================================
11:45:02.0341 5088 Scan started
11:45:02.0342 5088 Mode: Manual;
11:45:02.0342 5088 ============================================================
11:45:04.0787 5088 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:45:04.0793 5088 1394ohci - ok
11:45:04.0868 5088 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:45:04.0872 5088 ACPI - ok
11:45:04.0982 5088 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:45:04.0993 5088 AcpiPmi - ok
11:45:05.0360 5088 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:45:05.0364 5088 AdobeFlashPlayerUpdateSvc - ok
11:45:05.0475 5088 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:45:05.0486 5088 adp94xx - ok
11:45:05.0544 5088 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:45:05.0552 5088 adpahci - ok
11:45:05.0647 5088 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:45:05.0653 5088 adpu320 - ok
11:45:05.0710 5088 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:45:05.0713 5088 AeLookupSvc - ok
11:45:05.0807 5088 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:45:05.0818 5088 AFD - ok
11:45:05.0922 5088 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:45:05.0925 5088 agp440 - ok
11:45:05.0967 5088 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:45:05.0970 5088 ALG - ok
11:45:06.0116 5088 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:45:06.0119 5088 aliide - ok
11:45:06.0334 5088 AMD External Events Utility (7842f4961f28022a881f85bb7494ac6d) C:\Windows\system32\atiesrxx.exe
11:45:06.0340 5088 AMD External Events Utility - ok
11:45:06.0406 5088 AMD FUEL Service - ok
11:45:06.0468 5088 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
11:45:06.0473 5088 AMD Reservation Manager - ok
11:45:06.0582 5088 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:45:06.0584 5088 amdide - ok
11:45:06.0727 5088 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:45:06.0730 5088 amdiox64 - ok
11:45:06.0830 5088 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:45:06.0833 5088 AmdK8 - ok
11:45:07.0154 5088 amdkmdag (cf5fc8d37f10c9c374ae6d990c9d2cd7) C:\Windows\system32\DRIVERS\atikmdag.sys
11:45:07.0348 5088 amdkmdag - ok
11:45:07.0477 5088 amdkmdap (2bd89cb34b67edc64e741aa3864d8c1a) C:\Windows\system32\DRIVERS\atikmpag.sys
11:45:07.0483 5088 amdkmdap - ok
11:45:07.0573 5088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:45:07.0575 5088 AmdPPM - ok
11:45:07.0661 5088 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:45:07.0664 5088 amdsata - ok
11:45:07.0766 5088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:45:07.0770 5088 amdsbs - ok
11:45:07.0871 5088 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:45:07.0873 5088 amdxata - ok
11:45:07.0914 5088 amd_sata (6363014d5e4ccd280fb4902ec3c2ccfe) C:\Windows\system32\DRIVERS\amd_sata.sys
11:45:07.0916 5088 amd_sata - ok
11:45:07.0972 5088 amd_xata (51a5aed2a4cceda6addcf3194c9b29eb) C:\Windows\system32\DRIVERS\amd_xata.sys
11:45:07.0974 5088 amd_xata - ok
11:45:08.0017 5088 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:45:08.0020 5088 AppID - ok
11:45:08.0086 5088 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:45:08.0089 5088 AppIDSvc - ok
11:45:08.0114 5088 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:45:08.0117 5088 Appinfo - ok
11:45:08.0168 5088 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:45:08.0170 5088 arc - ok
11:45:08.0226 5088 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:45:08.0230 5088 arcsas - ok
11:45:08.0288 5088 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:45:08.0289 5088 AsyncMac - ok
11:45:08.0362 5088 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:45:08.0366 5088 atapi - ok
11:45:08.0472 5088 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
11:45:08.0474 5088 AtiHdmiService - ok
11:45:08.0619 5088 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
11:45:08.0620 5088 AtiPcie - ok
11:45:08.0716 5088 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:45:08.0725 5088 AudioEndpointBuilder - ok
11:45:08.0745 5088 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:45:08.0756 5088 AudioSrv - ok
11:45:08.0845 5088 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:45:08.0849 5088 AxInstSV - ok
11:45:08.0980 5088 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:45:08.0994 5088 b06bdrv - ok
11:45:09.0091 5088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:45:09.0098 5088 b57nd60a - ok
11:45:09.0228 5088 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:45:09.0247 5088 BCM43XX - ok
11:45:09.0278 5088 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:45:09.0281 5088 BDESVC - ok
11:45:09.0357 5088 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:45:09.0358 5088 Beep - ok
11:45:09.0419 5088 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:45:09.0430 5088 BFE - ok
11:45:09.0675 5088 BHDrvx64 (cd0ecb395666fc9ae23d7381e9e3370d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys
11:45:09.0689 5088 BHDrvx64 - ok
11:45:09.0805 5088 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:45:09.0853 5088 BITS - ok
11:45:09.0947 5088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
11:45:09.0950 5088 blbdrive - ok
11:45:10.0032 5088 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:45:10.0038 5088 Bonjour Service - ok
11:45:10.0137 5088 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:45:10.0153 5088 bowser - ok
11:45:10.0284 5088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:45:10.0286 5088 BrFiltLo - ok
11:45:10.0311 5088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:45:10.0314 5088 BrFiltUp - ok
11:45:10.0377 5088 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:45:10.0382 5088 Browser - ok
11:45:10.0458 5088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:45:10.0465 5088 Brserid - ok
11:45:10.0501 5088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:45:10.0503 5088 BrSerWdm - ok
11:45:10.0588 5088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:45:10.0590 5088 BrUsbMdm - ok
11:45:10.0613 5088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:45:10.0615 5088 BrUsbSer - ok
11:45:10.0678 5088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:45:10.0680 5088 BTHMODEM - ok
11:45:10.0810 5088 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:45:10.0813 5088 bthserv - ok
11:45:10.0841 5088 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:45:10.0844 5088 cdfs - ok
11:45:10.0927 5088 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:45:10.0938 5088 cdrom - ok
11:45:11.0022 5088 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:45:11.0025 5088 CertPropSvc - ok
11:45:11.0065 5088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:45:11.0066 5088 circlass - ok
11:45:11.0135 5088 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:45:11.0144 5088 CLFS - ok
11:45:11.0217 5088 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:45:11.0221 5088 clr_optimization_v2.0.50727_32 - ok
11:45:11.0304 5088 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:45:11.0308 5088 clr_optimization_v2.0.50727_64 - ok
11:45:11.0439 5088 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:45:11.0442 5088 clr_optimization_v4.0.30319_32 - ok
11:45:11.0487 5088 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:45:11.0492 5088 clr_optimization_v4.0.30319_64 - ok
11:45:11.0583 5088 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
11:45:11.0585 5088 clwvd - ok
11:45:11.0621 5088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:45:11.0624 5088 CmBatt - ok
11:45:11.0699 5088 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:45:11.0702 5088 cmdide - ok
11:45:11.0741 5088 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:45:11.0748 5088 CNG - ok
11:45:11.0852 5088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:45:11.0853 5088 Compbatt - ok
11:45:11.0875 5088 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:45:11.0877 5088 CompositeBus - ok
11:45:11.0938 5088 COMSysApp - ok
11:45:11.0979 5088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:45:12.0011 5088 crcdisk - ok
11:45:12.0115 5088 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:45:12.0121 5088 CryptSvc - ok
11:45:12.0213 5088 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:45:12.0226 5088 DcomLaunch - ok
11:45:12.0293 5088 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:45:12.0300 5088 defragsvc - ok
11:45:12.0395 5088 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:45:12.0398 5088 DfsC - ok
11:45:12.0457 5088 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:45:12.0462 5088 Dhcp - ok
11:45:12.0621 5088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:45:12.0624 5088 discache - ok
11:45:12.0720 5088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:45:12.0723 5088 Disk - ok
11:45:12.0794 5088 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:45:12.0799 5088 Dnscache - ok
11:45:12.0831 5088 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:45:12.0836 5088 dot3svc - ok
11:45:12.0892 5088 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:45:12.0895 5088 DPS - ok
11:45:12.0932 5088 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:45:12.0933 5088 drmkaud - ok
11:45:13.0032 5088 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:45:13.0053 5088 DXGKrnl - ok
11:45:13.0136 5088 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:45:13.0139 5088 EapHost - ok
11:45:13.0265 5088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:45:13.0328 5088 ebdrv - ok
11:45:13.0406 5088 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:45:13.0413 5088 eeCtrl - ok
11:45:13.0480 5088 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:45:13.0483 5088 EFS - ok
11:45:13.0569 5088 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:45:13.0587 5088 ehRecvr - ok
11:45:13.0637 5088 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:45:13.0646 5088 ehSched - ok
11:45:13.0732 5088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:45:13.0741 5088 elxstor - ok
11:45:13.0836 5088 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:45:13.0840 5088 EraserUtilRebootDrv - ok
11:45:13.0921 5088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:45:13.0923 5088 ErrDev - ok
11:45:14.0004 5088 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:45:14.0014 5088 EventSystem - ok
11:45:14.0093 5088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:45:14.0096 5088 exfat - ok
11:45:14.0181 5088 ezSharedSvc - ok
11:45:14.0230 5088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:45:14.0234 5088 fastfat - ok
11:45:14.0320 5088 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:45:14.0332 5088 Fax - ok
11:45:14.0397 5088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:45:14.0403 5088 fdc - ok
11:45:14.0540 5088 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:45:14.0543 5088 fdPHost - ok
11:45:14.0569 5088 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:45:14.0572 5088 FDResPub - ok
11:45:14.0653 5088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:45:14.0656 5088 FileInfo - ok
11:45:14.0681 5088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:45:14.0683 5088 Filetrace - ok
11:45:14.0869 5088 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:45:14.0884 5088 FLEXnet Licensing Service - ok
11:45:15.0098 5088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:45:15.0124 5088 flpydisk - ok
11:45:15.0326 5088 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:45:15.0334 5088 FltMgr - ok
11:45:15.0426 5088 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:45:15.0450 5088 FontCache - ok
11:45:15.0528 5088 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:45:15.0529 5088 FontCache3.0.0.0 - ok
11:45:15.0605 5088 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:45:15.0607 5088 FsDepends - ok
11:45:15.0694 5088 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:45:15.0696 5088 Fs_Rec - ok
11:45:15.0800 5088 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:45:15.0807 5088 fvevol - ok
11:45:15.0898 5088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:45:15.0900 5088 gagp30kx - ok
11:45:15.0950 5088 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:45:15.0970 5088 gpsvc - ok
11:45:16.0071 5088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:45:16.0073 5088 hcw85cir - ok
11:45:16.0178 5088 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:45:16.0187 5088 HdAudAddService - ok
11:45:16.0233 5088 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:45:16.0237 5088 HDAudBus - ok
11:45:16.0305 5088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:45:16.0307 5088 HidBatt - ok
11:45:16.0327 5088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:45:16.0337 5088 HidBth - ok
11:45:16.0447 5088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:45:16.0448 5088 HidIr - ok
11:45:16.0486 5088 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:45:16.0488 5088 hidserv - ok
11:45:16.0643 5088 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:45:16.0646 5088 HidUsb - ok
11:45:16.0762 5088 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:45:16.0768 5088 hkmsvc - ok
11:45:16.0803 5088 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:45:16.0812 5088 HomeGroupListener - ok
11:45:16.0843 5088 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:45:16.0850 5088 HomeGroupProvider - ok
11:45:16.0904 5088 HP Health Check Service - ok
11:45:16.0986 5088 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:45:16.0996 5088 HPClientSvc - ok
11:45:17.0103 5088 hpCMSrv - ok
11:45:17.0117 5088 HPDrvMntSvc.exe - ok
11:45:17.0129 5088 hpqwmiex - ok
11:45:17.0226 5088 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:45:17.0230 5088 HpSAMD - ok
11:45:17.0312 5088 HPWMISVC - ok
11:45:17.0414 5088 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:45:17.0430 5088 HTTP - ok
11:45:17.0443 5088 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:45:17.0444 5088 hwpolicy - ok
11:45:17.0541 5088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:45:17.0544 5088 i8042prt - ok
11:45:17.0597 5088 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:45:17.0604 5088 iaStorV - ok
11:45:17.0734 5088 IconMan_R (2c3cc41fefcb77e2826886e6b7ef93ae) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:45:17.0768 5088 IconMan_R - ok
11:45:17.0901 5088 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:45:17.0934 5088 idsvc - ok
11:45:18.0098 5088 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111104.030\IDSvia64.sys
11:45:18.0133 5088 IDSVia64 - ok
11:45:18.0256 5088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:45:18.0273 5088 iirsp - ok
11:45:18.0528 5088 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:45:18.0562 5088 IKEEXT - ok
11:45:18.0801 5088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:45:18.0804 5088 intelide - ok
11:45:19.0038 5088 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:45:19.0041 5088 intelppm - ok
11:45:19.0284 5088 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:45:19.0287 5088 IPBusEnum - ok
11:45:19.0448 5088 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:45:19.0451 5088 IpFilterDriver - ok
11:45:19.0541 5088 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:45:19.0550 5088 iphlpsvc - ok
11:45:19.0620 5088 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:45:19.0622 5088 IPMIDRV - ok
11:45:19.0652 5088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:45:19.0654 5088 IPNAT - ok
11:45:19.0736 5088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:45:19.0738 5088 IRENUM - ok
11:45:19.0771 5088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:45:19.0773 5088 isapnp - ok
11:45:19.0809 5088 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:45:19.0817 5088 iScsiPrt - ok
11:45:19.0897 5088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:45:19.0898 5088 kbdclass - ok
11:45:19.0940 5088 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:45:19.0941 5088 kbdhid - ok
11:45:20.0113 5088 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:45:20.0116 5088 KeyIso - ok
11:45:20.0330 5088 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:45:20.0332 5088 KSecDD - ok
11:45:20.0563 5088 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:45:20.0567 5088 KSecPkg - ok
11:45:20.0808 5088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:45:20.0810 5088 ksthunk - ok
11:45:20.0970 5088 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:45:20.0977 5088 KtmRm - ok
11:45:21.0203 5088 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:45:21.0226 5088 LanmanServer - ok
11:45:21.0410 5088 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:45:21.0417 5088 LanmanWorkstation - ok
11:45:21.0553 5088 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:45:21.0555 5088 lltdio - ok
11:45:21.0607 5088 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:45:21.0638 5088 lltdsvc - ok
11:45:21.0808 5088 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:45:21.0810 5088 lmhosts - ok
11:45:22.0017 5088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:45:22.0020 5088 LSI_FC - ok
11:45:22.0271 5088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:45:22.0274 5088 LSI_SAS - ok
11:45:22.0524 5088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:45:22.0528 5088 LSI_SAS2 - ok
11:45:22.0737 5088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:45:22.0741 5088 LSI_SCSI - ok
11:45:22.0935 5088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:45:22.0938 5088 luafv - ok
11:45:23.0091 5088 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:45:23.0122 5088 MBAMProtector - ok
11:45:23.0293 5088 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:45:23.0300 5088 MBAMService - ok
11:45:23.0476 5088 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:45:23.0482 5088 Mcx2Svc - ok
11:45:23.0702 5088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:45:23.0705 5088 megasas - ok
11:45:23.0916 5088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:45:23.0924 5088 MegaSR - ok
11:45:24.0025 5088 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:45:24.0028 5088 MMCSS - ok
11:45:24.0151 5088 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:45:24.0177 5088 Modem - ok
11:45:24.0428 5088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:45:24.0432 5088 monitor - ok
11:45:24.0622 5088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:45:24.0645 5088 mouclass - ok
11:45:24.0827 5088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:45:24.0829 5088 mouhid - ok
11:45:24.0895 5088 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:45:24.0898 5088 mountmgr - ok
11:45:24.0977 5088 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:45:24.0982 5088 mpio - ok
11:45:25.0093 5088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:45:25.0127 5088 mpsdrv - ok
11:45:25.0220 5088 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:45:25.0262 5088 MpsSvc - ok
11:45:25.0375 5088 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:45:25.0379 5088 MRxDAV - ok
11:45:25.0418 5088 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:45:25.0422 5088 mrxsmb - ok
11:45:25.0500 5088 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:45:25.0507 5088 mrxsmb10 - ok
11:45:25.0541 5088 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:45:25.0545 5088 mrxsmb20 - ok
11:45:25.0627 5088 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:45:25.0629 5088 msahci - ok
11:45:25.0674 5088 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:45:25.0678 5088 msdsm - ok
11:45:25.0751 5088 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:45:25.0757 5088 MSDTC - ok
11:45:25.0820 5088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:45:25.0822 5088 Msfs - ok
11:45:25.0879 5088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:45:25.0881 5088 mshidkmdf - ok
11:45:25.0916 5088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:45:25.0918 5088 msisadrv - ok
11:45:26.0012 5088 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:45:26.0017 5088 MSiSCSI - ok
11:45:26.0027 5088 msiserver - ok
11:45:26.0080 5088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:45:26.0082 5088 MSKSSRV - ok
11:45:26.0154 5088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:45:26.0156 5088 MSPCLOCK - ok
11:45:26.0215 5088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:45:26.0218 5088 MSPQM - ok
11:45:26.0297 5088 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:45:26.0306 5088 MsRPC - ok
11:45:26.0350 5088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:45:26.0353 5088 mssmbios - ok
11:45:26.0611 5088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:45:26.0614 5088 MSTEE - ok
11:45:26.0732 5088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:45:26.0735 5088 MTConfig - ok
11:45:26.0854 5088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:45:26.0857 5088 Mup - ok
11:45:26.0918 5088 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:45:26.0933 5088 napagent - ok
11:45:27.0062 5088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:45:27.0094 5088 NativeWifiP - ok
11:45:27.0243 5088 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111106.009\ENG64.SYS
11:45:27.0268 5088 NAVENG - ok
11:45:27.0611 5088 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111106.009\EX64.SYS
11:45:27.0638 5088 NAVEX15 - ok
11:45:27.0729 5088 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:45:27.0743 5088 NDIS - ok
11:45:27.0834 5088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:45:27.0835 5088 NdisCap - ok
11:45:27.0900 5088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:45:27.0902 5088 NdisTapi - ok
11:45:27.0941 5088 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:45:27.0943 5088 Ndisuio - ok
11:45:28.0005 5088 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:45:28.0010 5088 NdisWan - ok
11:45:28.0027 5088 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:45:28.0029 5088 NDProxy - ok
11:45:28.0072 5088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:45:28.0074 5088 NetBIOS - ok
11:45:28.0136 5088 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:45:28.0141 5088 NetBT - ok
11:45:28.0169 5088 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:45:28.0173 5088 Netlogon - ok
11:45:28.0220 5088 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:45:28.0252 5088 Netman - ok
11:45:28.0370 5088 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:45:28.0382 5088 netprofm - ok
11:45:28.0625 5088 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:45:28.0649 5088 NetTcpPortSharing - ok
11:45:28.0845 5088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:45:28.0848 5088 nfrd960 - ok
11:45:29.0048 5088 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
11:45:29.0052 5088 NIS - ok
11:45:29.0221 5088 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:45:29.0250 5088 NlaSvc - ok
11:45:29.0483 5088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:45:29.0485 5088 Npfs - ok
11:45:29.0796 5088 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:45:29.0799 5088 nsi - ok
11:45:29.0965 5088 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:45:29.0967 5088 nsiproxy - ok
11:45:30.0233 5088 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:45:30.0280 5088 Ntfs - ok
11:45:30.0402 5088 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:45:30.0418 5088 Null - ok
11:45:30.0656 5088 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
11:45:30.0662 5088 NVENETFD - ok
11:45:30.0825 5088 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:45:30.0848 5088 nvraid - ok
11:45:31.0069 5088 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:45:31.0072 5088 nvstor - ok
11:45:31.0276 5088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:45:31.0280 5088 nv_agp - ok
11:45:31.0509 5088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:45:31.0537 5088 ohci1394 - ok
11:45:31.0716 5088 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:45:31.0719 5088 ose - ok
11:45:31.0875 5088 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:45:31.0881 5088 p2pimsvc - ok
11:45:32.0000 5088 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:45:32.0007 5088 p2psvc - ok
11:45:32.0052 5088 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:45:32.0054 5088 Parport - ok
11:45:32.0325 5088 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:45:32.0328 5088 partmgr - ok
11:45:32.0471 5088 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:45:32.0476 5088 PcaSvc - ok
11:45:32.0573 5088 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:45:32.0578 5088 pci - ok
11:45:32.0739 5088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:45:32.0741 5088 pciide - ok
11:45:32.0931 5088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:45:32.0935 5088 pcmcia - ok
11:45:33.0014 5088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:45:33.0016 5088 pcw - ok
11:45:33.0115 5088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:45:33.0125 5088 PEAUTH - ok
11:45:33.0198 5088 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:45:33.0201 5088 PerfHost - ok
11:45:33.0300 5088 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:45:33.0318 5088 pla - ok
11:45:33.0398 5088 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:45:33.0408 5088 PlugPlay - ok
11:45:33.0438 5088 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:45:33.0440 5088 PNRPAutoReg - ok
11:45:33.0553 5088 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:45:33.0559 5088 PNRPsvc - ok
11:45:33.0589 5088 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:45:33.0597 5088 PolicyAgent - ok
11:45:33.0676 5088 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:45:33.0682 5088 Power - ok
11:45:33.0872 5088 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:45:33.0875 5088 PptpMiniport - ok
11:45:34.0011 5088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:45:34.0013 5088 Processor - ok
11:45:34.0089 5088 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:45:34.0093 5088 ProfSvc - ok
11:45:34.0158 5088 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:45:34.0160 5088 ProtectedStorage - ok
11:45:34.0331 5088 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:45:34.0333 5088 Psched - ok
11:45:34.0726 5088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:45:34.0819 5088 ql2300 - ok
11:45:35.0109 5088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:45:35.0112 5088 ql40xx - ok
11:45:35.0228 5088 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:45:35.0235 5088 QWAVE - ok
11:45:35.0307 5088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:45:35.0336 5088 QWAVEdrv - ok
11:45:35.0543 5088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:45:35.0545 5088 RasAcd - ok
11:45:35.0679 5088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:45:35.0681 5088 RasAgileVpn - ok
11:45:35.0767 5088 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:45:35.0773 5088 RasAuto - ok
11:45:35.0878 5088 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:45:35.0881 5088 Rasl2tp - ok
11:45:35.0992 5088 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:45:36.0011 5088 RasMan - ok
11:45:36.0195 5088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:45:36.0199 5088 RasPppoe - ok
11:45:36.0554 5088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:45:36.0558 5088 RasSstp - ok
11:45:36.0827 5088 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:45:36.0834 5088 rdbss - ok
11:45:36.0942 5088 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:45:36.0970 5088 rdpbus - ok
11:45:37.0131 5088 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:45:37.0133 5088 RDPCDD - ok
11:45:37.0370 5088 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:45:37.0372 5088 RDPENCDD - ok
11:45:37.0567 5088 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:45:37.0569 5088 RDPREFMP - ok
11:45:37.0795 5088 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:45:37.0799 5088 RDPWD - ok
11:45:37.0990 5088 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:45:37.0993 5088 rdyboost - ok
11:45:38.0147 5088 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:45:38.0150 5088 RemoteAccess - ok
11:45:38.0320 5088 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:45:38.0324 5088 RemoteRegistry - ok
11:45:38.0654 5088 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
11:45:38.0752 5088 Revoflt - ok
11:45:38.0881 5088 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:45:38.0907 5088 RoxioNow Service - ok
11:45:39.0107 5088 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:45:39.0112 5088 RpcEptMapper - ok
11:45:39.0314 5088 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:45:39.0345 5088 RpcLocator - ok
11:45:39.0470 5088 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:45:39.0478 5088 RpcSs - ok
11:45:39.0792 5088 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:45:39.0819 5088 RSPCIESTOR - ok
11:45:40.0170 5088 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:45:40.0173 5088 rspndr - ok
11:45:40.0393 5088 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:45:40.0403 5088 RTL8167 - ok
11:45:40.0822 5088 RTL8192Ce (5fa2f4f658fca7816a5ff6980b95c5f9) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
11:45:40.0839 5088 RTL8192Ce - ok
11:45:40.0980 5088 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:45:40.0982 5088 SamSs - ok
11:45:41.0166 5088 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:45:41.0168 5088 sbp2port - ok
11:45:41.0379 5088 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:45:41.0389 5088 SCardSvr - ok
11:45:41.0646 5088 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:45:41.0649 5088 scfilter - ok
11:45:41.0893 5088 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:45:41.0916 5088 Schedule - ok
11:45:42.0234 5088 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:45:42.0237 5088 SCPolicySvc - ok
11:45:42.0364 5088 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
11:45:42.0372 5088 sdbus - ok
11:45:42.0588 5088 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:45:42.0596 5088 SDRSVC - ok
11:45:42.0853 5088 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:45:42.0855 5088 secdrv - ok
11:45:43.0182 5088 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:45:43.0187 5088 seclogon - ok
11:45:43.0323 5088 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:45:43.0329 5088 SENS - ok
11:45:43.0487 5088 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:45:43.0493 5088 SensrSvc - ok
11:45:43.0622 5088 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:45:43.0624 5088 Serenum - ok
11:45:43.0695 5088 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:45:43.0699 5088 Serial - ok
11:45:43.0743 5088 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:45:43.0759 5088 sermouse - ok
11:45:43.0831 5088 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:45:43.0835 5088 SessionEnv - ok
11:45:43.0871 5088 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:45:43.0873 5088 sffdisk - ok
11:45:43.0888 5088 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:45:43.0889 5088 sffp_mmc - ok
11:45:43.0947 5088 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:45:43.0948 5088 sffp_sd - ok
11:45:43.0977 5088 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:45:43.0978 5088 sfloppy - ok
11:45:44.0012 5088 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:45:44.0018 5088 SharedAccess - ok
11:45:44.0081 5088 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:45:44.0088 5088 ShellHWDetection - ok
11:45:44.0129 5088 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:45:44.0131 5088 SiSRaid2 - ok
11:45:44.0206 5088 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:45:44.0208 5088 SiSRaid4 - ok
11:45:44.0262 5088 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:45:44.0265 5088 Smb - ok
11:45:44.0341 5088 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:45:44.0344 5088 SNMPTRAP - ok
11:45:44.0390 5088 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:45:44.0395 5088 spldr - ok
11:45:44.0627 5088 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:45:44.0636 5088 Spooler - ok
11:45:44.0778 5088 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:45:44.0871 5088 sppsvc - ok
11:45:44.0991 5088 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:45:44.0994 5088 sppuinotify - ok
11:45:45.0129 5088 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS
11:45:45.0140 5088 SRTSP - ok
11:45:45.0316 5088 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS
11:45:45.0317 5088 SRTSPX - ok
11:45:45.0507 5088 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:45:45.0513 5088 srv - ok
11:45:45.0668 5088 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:45:45.0674 5088 srv2 - ok
11:45:45.0769 5088 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:45:45.0810 5088 SrvHsfHDA - ok
11:45:46.0043 5088 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:45:46.0080 5088 SrvHsfV92 - ok
11:45:46.0293 5088 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:45:46.0310 5088 SrvHsfWinac - ok
11:45:46.0437 5088 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:45:46.0442 5088 srvnet - ok
11:45:46.0604 5088 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:45:46.0612 5088 SSDPSRV - ok
11:45:46.0636 5088 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:45:46.0642 5088 SstpSvc - ok
11:45:46.0830 5088 STacSV (293a556e04f815477ae93e07b35065e6) C:\Program Files\IDT\WDM\STacSV64.exe
11:45:46.0834 5088 STacSV - ok
11:45:47.0015 5088 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:45:47.0017 5088 stexstor - ok
11:45:47.0144 5088 STHDA (aa3c0336514c239a171f00a6902b59b8) C:\Windows\system32\DRIVERS\stwrt64.sys
11:45:47.0152 5088 STHDA - ok
11:45:47.0238 5088 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:45:47.0248 5088 stisvc - ok
11:45:47.0328 5088 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:45:47.0330 5088 swenum - ok
11:45:47.0373 5088 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:45:47.0389 5088 swprv - ok
11:45:47.0514 5088 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS
11:45:47.0522 5088 SymDS - ok
11:45:47.0658 5088 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS
11:45:47.0677 5088 SymEFA - ok
11:45:47.0756 5088 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:45:47.0762 5088 SymEvent - ok
11:45:47.0820 5088 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS
11:45:47.0830 5088 SymIRON - ok
11:45:47.0938 5088 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS
11:45:47.0946 5088 SymNetS - ok
11:45:48.0011 5088 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
11:45:48.0030 5088 SynTP - ok
11:45:48.0137 5088 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:45:48.0165 5088 SysMain - ok
11:45:48.0182 5088 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:45:48.0187 5088 TabletInputService - ok
11:45:48.0267 5088 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:45:48.0278 5088 TapiSrv - ok
11:45:48.0297 5088 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:45:48.0303 5088 TBS - ok
11:45:48.0413 5088 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:45:48.0456 5088 Tcpip - ok
11:45:48.0736 5088 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:45:48.0762 5088 TCPIP6 - ok
11:45:48.0935 5088 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:45:48.0939 5088 tcpipreg - ok
11:45:48.0983 5088 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:45:48.0985 5088 TDPIPE - ok
11:45:49.0045 5088 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:45:49.0047 5088 TDTCP - ok
11:45:49.0080 5088 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:45:49.0084 5088 tdx - ok
11:45:49.0285 5088 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:45:49.0288 5088 TermDD - ok
11:45:49.0407 5088 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:45:49.0423 5088 TermService - ok
11:45:49.0451 5088 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:45:49.0454 5088 Themes - ok
11:45:49.0527 5088 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:45:49.0531 5088 THREADORDER - ok
11:45:49.0593 5088 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:45:49.0599 5088 TrkWks - ok
11:45:49.0642 5088 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:45:49.0644 5088 TrustedInstaller - ok
11:45:49.0718 5088 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:45:49.0719 5088 tssecsrv - ok
11:45:49.0767 5088 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:45:49.0770 5088 TsUsbFlt - ok
11:45:49.0849 5088 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:45:49.0860 5088 TsUsbGD - ok
11:45:49.0912 5088 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:45:49.0918 5088 tunnel - ok
11:45:50.0070 5088 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:45:50.0073 5088 uagp35 - ok
11:45:50.0096 5088 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:45:50.0111 5088 udfs - ok
11:45:50.0179 5088 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:45:50.0182 5088 UI0Detect - ok
11:45:50.0212 5088 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:45:50.0214 5088 uliagpkx - ok
11:45:50.0303 5088 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:45:50.0306 5088 umbus - ok
11:45:50.0342 5088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:45:50.0344 5088 UmPass - ok
11:45:50.0466 5088 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:45:50.0477 5088 upnphost - ok
11:45:50.0568 5088 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:45:50.0571 5088 usbccgp - ok
11:45:50.0670 5088 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:45:50.0674 5088 usbcir - ok
11:45:50.0712 5088 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:45:50.0714 5088 usbehci - ok
11:45:50.0756 5088 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
11:45:50.0758 5088 usbfilter - ok
11:45:50.0879 5088 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:45:50.0886 5088 usbhub - ok
11:45:50.0965 5088 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:45:50.0967 5088 usbohci - ok
11:45:51.0045 5088 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
11:45:51.0047 5088 usbprint - ok
11:45:51.0159 5088 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:45:51.0165 5088 USBSTOR - ok
11:45:51.0264 5088 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:45:51.0266 5088 usbuhci - ok
11:45:51.0331 5088 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:45:51.0335 5088 usbvideo - ok
11:45:51.0399 5088 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:45:51.0405 5088 UxSms - ok
11:45:51.0448 5088 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:45:51.0450 5088 VaultSvc - ok
11:45:51.0481 5088 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:45:51.0484 5088 vdrvroot - ok
11:45:51.0548 5088 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:45:51.0561 5088 vds - ok
11:45:51.0624 5088 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:45:51.0626 5088 vga - ok
11:45:51.0678 5088 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:45:51.0679 5088 VgaSave - ok
11:45:51.0716 5088 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:45:51.0719 5088 vhdmp - ok
11:45:51.0775 5088 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:45:51.0777 5088 viaide - ok
11:45:51.0841 5088 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:45:51.0845 5088 volmgr - ok
11:45:51.0908 5088 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:45:51.0917 5088 volmgrx - ok
11:45:51.0976 5088 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:45:51.0981 5088 volsnap - ok
11:45:52.0032 5088 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:45:52.0035 5088 vsmraid - ok
11:45:52.0144 5088 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:45:52.0172 5088 VSS - ok
11:45:52.0261 5088 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:45:52.0263 5088 vwifibus - ok
11:45:52.0287 5088 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:45:52.0290 5088 vwififlt - ok
11:45:52.0366 5088 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:45:52.0380 5088 W32Time - ok
11:45:52.0451 5088 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:45:52.0452 5088 WacomPen - ok
11:45:52.0594 5088 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:45:52.0597 5088 WANARP - ok
11:45:52.0603 5088 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:45:52.0604 5088 Wanarpv6 - ok
11:45:52.0758 5088 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:45:52.0783 5088 WatAdminSvc - ok
11:45:52.0984 5088 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:45:53.0031 5088 wbengine - ok
11:45:53.0151 5088 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:45:53.0181 5088 WbioSrvc - ok
11:45:53.0275 5088 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:45:53.0288 5088 wcncsvc - ok
11:45:53.0359 5088 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:45:53.0365 5088 WcsPlugInService - ok
11:45:53.0445 5088 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:45:53.0447 5088 Wd - ok
11:45:53.0552 5088 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:45:53.0563 5088 Wdf01000 - ok
11:45:53.0626 5088 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:45:53.0630 5088 WdiServiceHost - ok
11:45:53.0635 5088 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:45:53.0638 5088 WdiSystemHost - ok
11:45:53.0663 5088 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:45:53.0669 5088 WebClient - ok
11:45:53.0745 5088 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:45:53.0750 5088 Wecsvc - ok
11:45:53.0771 5088 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:45:53.0774 5088 wercplsupport - ok
11:45:53.0850 5088 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:45:53.0854 5088 WerSvc - ok
11:45:53.0912 5088 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:45:53.0913 5088 WfpLwf - ok
11:45:53.0983 5088 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:45:53.0984 5088 WIMMount - ok
11:45:54.0007 5088 WinDefend - ok
11:45:54.0019 5088 WinHttpAutoProxySvc - ok
11:45:54.0072 5088 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:45:54.0077 5088 Winmgmt - ok
11:45:54.0197 5088 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:45:54.0232 5088 WinRM - ok
11:45:54.0355 5088 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:45:54.0357 5088 WinUsb - ok
11:45:54.0425 5088 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:45:54.0441 5088 Wlansvc - ok
11:45:54.0579 5088 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:45:54.0580 5088 WmiAcpi - ok
11:45:54.0642 5088 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:45:54.0646 5088 wmiApSrv - ok
11:45:54.0765 5088 WMPNetworkSvc - ok
11:45:54.0973 5088 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:45:54.0983 5088 WPCSvc - ok
11:45:55.0010 5088 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:45:55.0016 5088 WPDBusEnum - ok
11:45:55.0118 5088 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:45:55.0120 5088 ws2ifsl - ok
11:45:55.0158 5088 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:45:55.0163 5088 wscsvc - ok
11:45:55.0249 5088 WSearch - ok
11:45:55.0323 5088 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:45:55.0359 5088 wuauserv - ok
11:45:55.0437 5088 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:45:55.0440 5088 WudfPf - ok
11:45:55.0548 5088 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:45:55.0554 5088 WUDFRd - ok
11:45:55.0582 5088 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:45:55.0586 5088 wudfsvc - ok
11:45:55.0650 5088 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:45:55.0656 5088 WwanSvc - ok
11:45:55.0693 5088 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
11:45:55.0727 5088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:45:55.0727 5088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:45:55.0757 5088 Boot (0x1200) (9c85a4733cd963a3c98bb87793746910) \Device\Harddisk0\DR0\Partition0
11:45:55.0759 5088 \Device\Harddisk0\DR0\Partition0 - ok
11:45:55.0767 5088 Boot (0x1200) (df54bce7fb5f4ee389f0739dcf8f0936) \Device\Harddisk0\DR0\Partition1
11:45:55.0768 5088 \Device\Harddisk0\DR0\Partition1 - ok
11:45:55.0798 5088 Boot (0x1200) (71451637ac9a668b623dd20855fb820c) \Device\Harddisk0\DR0\Partition2
11:45:55.0800 5088 \Device\Harddisk0\DR0\Partition2 - ok
11:45:55.0818 5088 Boot (0x1200) (eb373bfaf84e479b17063bac6749bdfb) \Device\Harddisk0\DR0\Partition3
11:45:55.0819 5088 \Device\Harddisk0\DR0\Partition3 - ok
11:45:55.0820 5088 ============================================================
11:45:55.0820 5088 Scan finished
11:45:55.0820 5088 ============================================================
11:45:55.0864 4488 Detected object count: 1
11:45:55.0864 4488 Actual detected object count: 1
11:46:09.0244 4488 \Device\Harddisk0\DR0\# - copied to quarantine
11:46:09.0244 4488 \Device\Harddisk0\DR0 - copied to quarantine
11:46:09.0300 4488 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:46:09.0304 4488 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:46:09.0311 4488 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:46:09.0319 4488 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:46:09.0338 4488 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:46:09.0350 4488 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:46:09.0353 4488 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:46:09.0355 4488 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:46:09.0357 4488 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:46:09.0361 4488 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:46:09.0364 4488 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:46:09.0367 4488 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:46:09.0405 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:46:09.0461 4488 \Device\Harddisk0\DR0 - ok
11:46:11.0193 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:46:17.0311 5304 Deinitialize success
11:45:06.0473 5088 AMD Reservation Manager - ok
11:45:06.0582 5088 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:45:06.0584 5088 amdide - ok
11:45:06.0727 5088 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:45:06.0730 5088 amdiox64 - ok
11:45:06.0830 5088 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:45:06.0833 5088 AmdK8 - ok
11:45:07.0154 5088 amdkmdag (cf5fc8d37f10c9c374ae6d990c9d2cd7) C:\Windows\system32\DRIVERS\atikmdag.sys
11:45:07.0348 5088 amdkmdag - ok
11:45:07.0477 5088 amdkmdap (2bd89cb34b67edc64e741aa3864d8c1a) C:\Windows\system32\DRIVERS\atikmpag.sys
11:45:07.0483 5088 amdkmdap - ok
11:45:07.0573 5088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:45:07.0575 5088 AmdPPM - ok
11:45:07.0661 5088 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:45:07.0664 5088 amdsata - ok
11:45:07.0766 5088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:45:07.0770 5088 amdsbs - ok
11:45:07.0871 5088 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:45:07.0873 5088 amdxata - ok
11:45:07.0914 5088 amd_sata (6363014d5e4ccd280fb4902ec3c2ccfe) C:\Windows\system32\DRIVERS\amd_sata.sys
11:45:07.0916 5088 amd_sata - ok
11:45:07.0972 5088 amd_xata (51a5aed2a4cceda6addcf3194c9b29eb) C:\Windows\system32\DRIVERS\amd_xata.sys
11:45:07.0974 5088 amd_xata - ok
11:45:08.0017 5088 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:45:08.0020 5088 AppID - ok
11:45:08.0086 5088 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:45:08.0089 5088 AppIDSvc - ok
11:45:08.0114 5088 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:45:08.0117 5088 Appinfo - ok
11:45:08.0168 5088 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:45:08.0170 5088 arc - ok
11:45:08.0226 5088 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:45:08.0230 5088 arcsas - ok
11:45:08.0288 5088 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:45:08.0289 5088 AsyncMac - ok
11:45:08.0362 5088 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:45:08.0366 5088 atapi - ok
11:45:08.0472 5088 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
11:45:08.0474 5088 AtiHdmiService - ok
11:45:08.0619 5088 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
11:45:08.0620 5088 AtiPcie - ok
11:45:08.0716 5088 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:45:08.0725 5088 AudioEndpointBuilder - ok
11:45:08.0745 5088 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:45:08.0756 5088 AudioSrv - ok
11:45:08.0845 5088 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:45:08.0849 5088 AxInstSV - ok
11:45:08.0980 5088 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:45:08.0994 5088 b06bdrv - ok
11:45:09.0091 5088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:45:09.0098 5088 b57nd60a - ok
11:45:09.0228 5088 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:45:09.0247 5088 BCM43XX - ok
11:45:09.0278 5088 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:45:09.0281 5088 BDESVC - ok
11:45:09.0357 5088 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:45:09.0358 5088 Beep - ok
11:45:09.0419 5088 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:45:09.0430 5088 BFE - ok
11:45:09.0675 5088 BHDrvx64 (cd0ecb395666fc9ae23d7381e9e3370d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys
11:45:09.0689 5088 BHDrvx64 - ok
11:45:09.0805 5088 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:45:09.0853 5088 BITS - ok
11:45:09.0947 5088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
11:45:09.0950 5088 blbdrive - ok
11:45:10.0032 5088 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:45:10.0038 5088 Bonjour Service - ok
11:45:10.0137 5088 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:45:10.0153 5088 bowser - ok
11:45:10.0284 5088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:45:10.0286 5088 BrFiltLo - ok
11:45:10.0311 5088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:45:10.0314 5088 BrFiltUp - ok
11:45:10.0377 5088 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:45:10.0382 5088 Browser - ok
11:45:10.0458 5088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:45:10.0465 5088 Brserid - ok
11:45:10.0501 5088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:45:10.0503 5088 BrSerWdm - ok
11:45:10.0588 5088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:45:10.0590 5088 BrUsbMdm - ok
11:45:10.0613 5088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:45:10.0615 5088 BrUsbSer - ok
11:45:10.0678 5088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:45:10.0680 5088 BTHMODEM - ok
11:45:10.0810 5088 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:45:10.0813 5088 bthserv - ok
11:45:10.0841 5088 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:45:10.0844 5088 cdfs - ok
11:45:10.0927 5088 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:45:10.0938 5088 cdrom - ok
11:45:11.0022 5088 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:45:11.0025 5088 CertPropSvc - ok
11:45:11.0065 5088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:45:11.0066 5088 circlass - ok
11:45:11.0135 5088 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:45:11.0144 5088 CLFS - ok
11:45:11.0217 5088 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:45:11.0221 5088 clr_optimization_v2.0.50727_32 - ok
11:45:11.0304 5088 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:45:11.0308 5088 clr_optimization_v2.0.50727_64 - ok
11:45:11.0439 5088 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:45:11.0442 5088 clr_optimization_v4.0.30319_32 - ok
11:45:11.0487 5088 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:45:11.0492 5088 clr_optimization_v4.0.30319_64 - ok
11:45:11.0583 5088 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
11:45:11.0585 5088 clwvd - ok
11:45:11.0621 5088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:45:11.0624 5088 CmBatt - ok
11:45:11.0699 5088 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:45:11.0702 5088 cmdide - ok
11:45:11.0741 5088 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:45:11.0748 5088 CNG - ok
11:45:11.0852 5088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:45:11.0853 5088 Compbatt - ok
11:45:11.0875 5088 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:45:11.0877 5088 CompositeBus - ok
11:45:11.0938 5088 COMSysApp - ok
11:45:11.0979 5088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:45:12.0011 5088 crcdisk - ok
11:45:12.0115 5088 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:45:12.0121 5088 CryptSvc - ok
11:45:12.0213 5088 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:45:12.0226 5088 DcomLaunch - ok
11:45:12.0293 5088 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:45:12.0300 5088 defragsvc - ok
11:45:12.0395 5088 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:45:12.0398 5088 DfsC - ok
11:45:12.0457 5088 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:45:12.0462 5088 Dhcp - ok
11:45:12.0621 5088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:45:12.0624 5088 discache - ok
11:45:12.0720 5088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:45:12.0723 5088 Disk - ok
11:45:12.0794 5088 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:45:12.0799 5088 Dnscache - ok
11:45:12.0831 5088 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:45:12.0836 5088 dot3svc - ok
11:45:12.0892 5088 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:45:12.0895 5088 DPS - ok
11:45:12.0932 5088 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:45:12.0933 5088 drmkaud - ok
11:45:13.0032 5088 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:45:13.0053 5088 DXGKrnl - ok
11:45:13.0136 5088 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:45:13.0139 5088 EapHost - ok
11:45:13.0265 5088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:45:13.0328 5088 ebdrv - ok
11:45:13.0406 5088 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:45:13.0413 5088 eeCtrl - ok
11:45:13.0480 5088 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:45:13.0483 5088 EFS - ok
11:45:13.0569 5088 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:45:13.0587 5088 ehRecvr - ok
11:45:13.0637 5088 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:45:13.0646 5088 ehSched - ok
11:45:13.0732 5088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:45:13.0741 5088 elxstor - ok
11:45:13.0836 5088 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:45:13.0840 5088 EraserUtilRebootDrv - ok
11:45:13.0921 5088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:45:13.0923 5088 ErrDev - ok
11:45:14.0004 5088 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:45:14.0014 5088 EventSystem - ok
11:45:14.0093 5088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:45:14.0096 5088 exfat - ok
11:45:14.0181 5088 ezSharedSvc - ok
11:45:14.0230 5088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:45:14.0234 5088 fastfat - ok
11:45:14.0320 5088 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:45:14.0332 5088 Fax - ok
11:45:14.0397 5088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:45:14.0403 5088 fdc - ok
11:45:14.0540 5088 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:45:14.0543 5088 fdPHost - ok
11:45:14.0569 5088 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:45:14.0572 5088 FDResPub - ok
11:45:14.0653 5088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:45:14.0656 5088 FileInfo - ok
11:45:14.0681 5088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:45:14.0683 5088 Filetrace - ok
11:45:14.0869 5088 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:45:14.0884 5088 FLEXnet Licensing Service - ok
11:45:15.0098 5088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:45:15.0124 5088 flpydisk - ok
11:45:15.0326 5088 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:45:15.0334 5088 FltMgr - ok
11:45:15.0426 5088 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:45:15.0450 5088 FontCache - ok
11:45:15.0528 5088 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:45:15.0529 5088 FontCache3.0.0.0 - ok
11:45:15.0605 5088 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:45:15.0607 5088 FsDepends - ok
11:45:15.0694 5088 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:45:15.0696 5088 Fs_Rec - ok
11:45:15.0800 5088 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:45:15.0807 5088 fvevol - ok
11:45:15.0898 5088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:45:15.0900 5088 gagp30kx - ok
11:45:15.0950 5088 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:45:15.0970 5088 gpsvc - ok
11:45:16.0071 5088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:45:16.0073 5088 hcw85cir - ok
11:45:16.0178 5088 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:45:16.0187 5088 HdAudAddService - ok
11:45:16.0233 5088 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:45:16.0237 5088 HDAudBus - ok
11:45:16.0305 5088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:45:16.0307 5088 HidBatt - ok
11:45:16.0327 5088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:45:16.0337 5088 HidBth - ok
11:45:16.0447 5088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:45:16.0448 5088 HidIr - ok
11:45:16.0486 5088 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:45:16.0488 5088 hidserv - ok
11:45:16.0643 5088 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:45:16.0646 5088 HidUsb - ok
11:45:16.0762 5088 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:45:16.0768 5088 hkmsvc - ok
11:45:16.0803 5088 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:45:16.0812 5088 HomeGroupListener - ok
11:45:16.0843 5088 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:45:16.0850 5088 HomeGroupProvider - ok
11:45:16.0904 5088 HP Health Check Service - ok
11:45:16.0986 5088 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:45:16.0996 5088 HPClientSvc - ok
11:45:17.0103 5088 hpCMSrv - ok
11:45:17.0117 5088 HPDrvMntSvc.exe - ok
11:45:17.0129 5088 hpqwmiex - ok
11:45:17.0226 5088 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:45:17.0230 5088 HpSAMD - ok
11:45:17.0312 5088 HPWMISVC - ok
11:45:17.0414 5088 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:45:17.0430 5088 HTTP - ok
11:45:17.0443 5088 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:45:17.0444 5088 hwpolicy - ok
11:45:17.0541 5088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:45:17.0544 5088 i8042prt - ok
11:45:17.0597 5088 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:45:17.0604 5088 iaStorV - ok
11:45:17.0734 5088 IconMan_R (2c3cc41fefcb77e2826886e6b7ef93ae) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:45:17.0768 5088 IconMan_R - ok
11:45:17.0901 5088 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:45:17.0934 5088 idsvc - ok
11:45:18.0098 5088 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111104.030\IDSvia64.sys
11:45:18.0133 5088 IDSVia64 - ok
11:45:18.0256 5088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:45:18.0273 5088 iirsp - ok
11:45:18.0528 5088 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:45:18.0562 5088 IKEEXT - ok
11:45:18.0801 5088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:45:18.0804 5088 intelide - ok
11:45:19.0038 5088 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:45:19.0041 5088 intelppm - ok
11:45:19.0284 5088 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:45:19.0287 5088 IPBusEnum - ok
11:45:19.0448 5088 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:45:19.0451 5088 IpFilterDriver - ok
11:45:19.0541 5088 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:45:19.0550 5088 iphlpsvc - ok
11:45:19.0620 5088 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:45:19.0622 5088 IPMIDRV - ok
11:45:19.0652 5088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:45:19.0654 5088 IPNAT - ok
11:45:19.0736 5088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:45:19.0738 5088 IRENUM - ok
11:45:19.0771 5088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:45:19.0773 5088 isapnp - ok
11:45:19.0809 5088 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:45:19.0817 5088 iScsiPrt - ok
11:45:19.0897 5088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:45:19.0898 5088 kbdclass - ok
11:45:19.0940 5088 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:45:19.0941 5088 kbdhid - ok
11:45:20.0113 5088 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:45:20.0116 5088 KeyIso - ok
11:45:20.0330 5088 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:45:20.0332 5088 KSecDD - ok
11:45:20.0563 5088 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:45:20.0567 5088 KSecPkg - ok
11:45:20.0808 5088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:45:20.0810 5088 ksthunk - ok
11:45:20.0970 5088 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:45:20.0977 5088 KtmRm - ok
11:45:21.0203 5088 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:45:21.0226 5088 LanmanServer - ok
11:45:21.0410 5088 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:45:21.0417 5088 LanmanWorkstation - ok
11:45:21.0553 5088 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:45:21.0555 5088 lltdio - ok
11:45:21.0607 5088 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:45:21.0638 5088 lltdsvc - ok
11:45:21.0808 5088 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:45:21.0810 5088 lmhosts - ok
11:45:22.0017 5088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:45:22.0020 5088 LSI_FC - ok
11:45:22.0271 5088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:45:22.0274 5088 LSI_SAS - ok
11:45:22.0524 5088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:45:22.0528 5088 LSI_SAS2 - ok
11:45:22.0737 5088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:45:22.0741 5088 LSI_SCSI - ok
11:45:22.0935 5088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:45:22.0938 5088 luafv - ok
11:45:23.0091 5088 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:45:23.0122 5088 MBAMProtector - ok
11:45:23.0293 5088 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:45:23.0300 5088 MBAMService - ok
11:45:23.0476 5088 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:45:23.0482 5088 Mcx2Svc - ok
11:45:23.0702 5088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:45:23.0705 5088 megasas - ok
11:45:23.0916 5088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:45:23.0924 5088 MegaSR - ok
11:45:24.0025 5088 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:45:24.0028 5088 MMCSS - ok
11:45:24.0151 5088 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:45:24.0177 5088 Modem - ok
11:45:24.0428 5088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:45:24.0432 5088 monitor - ok
11:45:24.0622 5088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:45:24.0645 5088 mouclass - ok
11:45:24.0827 5088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:45:24.0829 5088 mouhid - ok
11:45:24.0895 5088 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:45:24.0898 5088 mountmgr - ok
11:45:24.0977 5088 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:45:24.0982 5088 mpio - ok
11:45:25.0093 5088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:45:25.0127 5088 mpsdrv - ok
11:45:25.0220 5088 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:45:25.0262 5088 MpsSvc - ok
11:45:25.0375 5088 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:45:25.0379 5088 MRxDAV - ok
11:45:25.0418 5088 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:45:25.0422 5088 mrxsmb - ok
11:45:25.0500 5088 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:45:25.0507 5088 mrxsmb10 - ok
11:45:25.0541 5088 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:45:25.0545 5088 mrxsmb20 - ok
11:45:25.0627 5088 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:45:25.0629 5088 msahci - ok
11:45:25.0674 5088 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:45:25.0678 5088 msdsm - ok
11:45:25.0751 5088 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:45:25.0757 5088 MSDTC - ok
11:45:25.0820 5088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:45:25.0822 5088 Msfs - ok
11:45:25.0879 5088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:45:25.0881 5088 mshidkmdf - ok
11:45:25.0916 5088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:45:25.0918 5088 msisadrv - ok
11:45:26.0012 5088 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:45:26.0017 5088 MSiSCSI - ok
11:45:26.0027 5088 msiserver - ok
11:45:26.0080 5088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:45:26.0082 5088 MSKSSRV - ok
11:45:26.0154 5088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:45:26.0156 5088 MSPCLOCK - ok
11:45:26.0215 5088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:45:26.0218 5088 MSPQM - ok
11:45:26.0297 5088 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:45:26.0306 5088 MsRPC - ok
11:45:26.0350 5088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:45:26.0353 5088 mssmbios - ok
11:45:26.0611 5088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:45:26.0614 5088 MSTEE - ok
11:45:26.0732 5088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:45:26.0735 5088 MTConfig - ok
11:45:26.0854 5088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:45:26.0857 5088 Mup - ok
11:45:26.0918 5088 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:45:26.0933 5088 napagent - ok
11:45:27.0062 5088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:45:27.0094 5088 NativeWifiP - ok
11:45:27.0243 5088 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111106.009\ENG64.SYS
11:45:27.0268 5088 NAVENG - ok
11:45:27.0611 5088 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111106.009\EX64.SYS
11:45:27.0638 5088 NAVEX15 - ok
11:45:27.0729 5088 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:45:27.0743 5088 NDIS - ok
11:45:27.0834 5088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:45:27.0835 5088 NdisCap - ok
11:45:27.0900 5088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:45:27.0902 5088 NdisTapi - ok
11:45:27.0941 5088 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:45:27.0943 5088 Ndisuio - ok
11:45:28.0005 5088 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:45:28.0010 5088 NdisWan - ok
11:45:28.0027 5088 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:45:28.0029 5088 NDProxy - ok
11:45:28.0072 5088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:45:28.0074 5088 NetBIOS - ok
11:45:28.0136 5088 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:45:28.0141 5088 NetBT - ok
11:45:28.0169 5088 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:45:28.0173 5088 Netlogon - ok
11:45:28.0220 5088 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:45:28.0252 5088 Netman - ok
11:45:28.0370 5088 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:45:28.0382 5088 netprofm - ok
11:45:28.0625 5088 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:45:28.0649 5088 NetTcpPortSharing - ok
11:45:28.0845 5088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:45:28.0848 5088 nfrd960 - ok
11:45:29.0048 5088 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
11:45:29.0052 5088 NIS - ok
11:45:29.0221 5088 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:45:29.0250 5088 NlaSvc - ok
11:45:29.0483 5088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:45:29.0485 5088 Npfs - ok
11:45:55.0693 5088 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
11:45:55.0727 5088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:45:55.0727 5088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:45:55.0757 5088 Boot (0x1200) (9c85a4733cd963a3c98bb87793746910) \Device\Harddisk0\DR0\Partition0
11:45:55.0759 5088 \Device\Harddisk0\DR0\Partition0 - ok
11:45:55.0767 5088 Boot (0x1200) (df54bce7fb5f4ee389f0739dcf8f0936) \Device\Harddisk0\DR0\Partition1
11:45:55.0768 5088 \Device\Harddisk0\DR0\Partition1 - ok
11:45:55.0798 5088 Boot (0x1200) (71451637ac9a668b623dd20855fb820c) \Device\Harddisk0\DR0\Partition2
11:45:55.0800 5088 \Device\Harddisk0\DR0\Partition2 - ok
11:45:55.0818 5088 Boot (0x1200) (eb373bfaf84e479b17063bac6749bdfb) \Device\Harddisk0\DR0\Partition3
11:45:55.0819 5088 \Device\Harddisk0\DR0\Partition3 - ok
11:45:55.0820 5088 ============================================================
11:45:55.0820 5088 Scan finished
11:45:55.0820 5088 ============================================================
11:45:55.0864 4488 Detected object count: 1
11:45:55.0864 4488 Actual detected object count: 1
11:46:09.0244 4488 \Device\Harddisk0\DR0\# - copied to quarantine
11:46:09.0244 4488 \Device\Harddisk0\DR0 - copied to quarantine
11:46:09.0300 4488 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:46:09.0304 4488 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:46:09.0311 4488 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:46:09.0319 4488 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:46:09.0338 4488 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:46:09.0350 4488 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:46:09.0353 4488 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:46:09.0355 4488 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:46:09.0357 4488 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:46:09.0361 4488 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:46:09.0364 4488 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:46:09.0367 4488 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:46:09.0405 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:46:09.0461 4488 \Device\Harddisk0\DR0 - ok
11:46:11.0193 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:46:17.0311 5304 Deinitialize success
#4
Posted 15 April 2012 - 12:52 PM
Thank you for helping me. I have been very worried about this as this is the laptop I use for my freelance business.
#5
Posted 15 April 2012 - 02:01 PM
In that case I am afraid I have bad news. Although the infection is gone now, it was a nasty rootkit, please read the following information first.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
COMBOFIX
---------------
Please download ComboFix from one of these locations:
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Combofix.exe and follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise
If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
#6
Posted 15 April 2012 - 02:51 PM
This is horrible news. I use this laptop for EVERYTHING. I will review your recommendations. I am afraid that I let the AV expire on all my PCs recently. Thank you for your help.
Christopher
#7
Posted 15 April 2012 - 04:46 PM
I will reset all passwords.....but I am not sure I have the OS disks. I MUST work on my laptop. Would it be possible to clean the laptop and then reinstall after I have received the OS disks?
#8
Posted 16 April 2012 - 01:27 AM
Yes, that wouldn't be a problem. 
In that case, please continue with the combofix steps.
regards, Elise
If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
#9
Posted 25 May 2012 - 09:54 AM
<kibbitz>
@ctruong333
Are you still with us? Or have you already resolved your issues? Status update, please.
~Maurice Naggar
I close my threads if there is 5 days without a response.
#10
Posted 29 May 2012 - 11:35 AM
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
I close my threads if there is 5 days without a response.