Malwarebytes has blocked access to malicious website....TCPSVCS.EXE

13 replies to this topic

#1
LenardFleming

    New Member

  • Members
  • 7 posts
Hello,

I'm pulling my hair out over a suspicious occurrence of MWB alerting me that it has blocked access to potentially malicious websites, and notices of "High CPU usage by MWB." I have NORTON 360 (and it’s all up to date) and MWB. I have run scan after scan with both and all comes back clean. I have also run Norton’s NPE program, as well as ComboFix. The issue is still occurring. I do not have a static IP address. I cannot figure out, for the life of me, whether this activity is originating on my end or if these websites are coming to me. The alert generally references: Incoming, Port 19 (sometimes other ports too), and TCPSVCS.EXE. I have looked up the IP address that the alert shows, and it says it’s in the Netherlands.

I'm not a techie type guy, but this is beginning to wear me out. I have a business to run on this machine and need more knowledgeable advice from someone that knows what they are doing. Anything this community could do would be greatly appreciated.
Thanks,
L.Fleming

#2
MrCharlie

    Forum Deity

  • Experts
  • 17,447 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert



#3
LenardFleming

    New Member

  • Members
  • 7 posts
Hope I did all this right...Thanks for the fast reply and help!

Scan Results are as follows:

DDS.txt
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lenard at 12:45:57 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2048.701 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft\BingBar\7.1.352.0\BBSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.suddenlink.net/
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.352.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.352.0\BingExt.dll"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [AndroidSync] c:\program files\android-sync\AndroidSync.exe -m
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozypr~1.lnk - c:\program files\mozypro\mozyprostat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271554470514
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rim.webex.com/client/T27LB/support/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{AE641B68-4657-4CCC-8018-56144A401206} : DhcpNameServer = 208.180.42.68 208.180.42.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lenard\appdata\roaming\mozilla\firefox\profiles\piw7qjma.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://home.suddenlink.net/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=66604&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\programdata\best buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: c:\users\lenard\appdata\roaming\mozilla\firefox\profiles\piw7qjma.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 6dbad97e-9741-43d1-8783-0293a5144e86
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602000.009\SymDS.sys [2012-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys [2012-5-2 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys [2012-5-2 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\ipsdefs\20120511.001\IDSvix86.sys [2012-5-12 368248]
R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [2012-2-14 54776]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys [2012-5-2 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0602000.009\symnets.sys [2012-5-2 318584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-9-9 43912]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.352.0\BBSvc.EXE [2012-1-21 192792]
R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-11-28 1029480]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-14 654408]
R2 mozyprobackup;MozyPro Backup Service;c:\program files\mozypro\mozyprobackup.exe [2011-9-29 53016]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.0.9\ccSvcHst.exe [2012-5-2 138232]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\norton utilities 15\tools\speeddisk\SpeedDiskSrv.exe [2011-11-28 1037672]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-8-3 828944]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2012-3-20 175520]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-2 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-24 22344]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.352.0\SeaPort.EXE [2012-1-21 240408]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-3-7 6016]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-3-7 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-3-7 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-3-7 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-3-7 23424]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 129976]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2012-2-3 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2012-2-3 53312]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-24 27192]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-11-28 128248]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-11-28 108800]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-25 1343400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-1-18 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-1-18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-1-18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-1-18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-1-18 25704]
.
=============== Created Last 30 ================
.
2012-05-14 17:35:53 711240 ----a-w- c:\windows\isRS-000.tmp
2012-05-14 13:58:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-14 13:50:20 -------- d-----w- c:\users\lenard\appdata\local\temp
2012-05-14 13:32:18 98816 ----a-w- c:\windows\sed.exe
2012-05-14 13:32:18 518144 ----a-w- c:\windows\SWREG.exe
2012-05-14 13:32:18 256000 ----a-w- c:\windows\PEV.exe
2012-05-14 13:32:18 208896 ----a-w- c:\windows\MBR.exe
2012-05-09 20:34:02 -------- d-----w- c:\program files\InterActual
2012-05-09 09:47:40 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 09:47:38 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 09:47:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 09:47:38 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 09:47:38 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 09:47:35 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 09:47:34 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 09:47:34 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 09:47:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 09:47:27 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-05 18:01:07 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-02 23:31:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-02 23:31:41 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-02 23:31:41 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-02 15:37:43 318584 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symnets.sys
2012-05-02 15:37:42 905336 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys
2012-05-02 15:37:42 574072 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtsp.sys
2012-05-02 15:37:42 340088 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymDS.sys
2012-05-02 15:37:42 32888 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtspx.sys
2012-05-02 15:37:42 149624 ----a-r- c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys
2012-05-02 15:37:42 132744 ----a-r- c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys
2012-05-02 15:37:29 4782 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymVTcer.dat
2012-05-02 15:37:28 -------- d-----w- c:\windows\system32\drivers\n360\0602000.009
2012-05-01 07:05:04 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9269f4f4-1f47-4b79-91f6-aa1e26ff7753}\mpengine.dll
2012-04-19 14:06:36 -------- d-----w- c:\users\lenard\appdata\roaming\TightVNC
.
==================== Find3M ====================
.
2012-05-05 19:01:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 19:01:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-02 15:42:49 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 06:28:34 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-03-19 15:10:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
============= FINISH: 12:48:06.38 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/24/2011 9:57:15 PM
System Uptime: 5/14/2012 12:37:37 PM (0 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Genuine Intel® CPU 2160 @ 1.80GHz | Socket 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 363 GiB total, 228.881 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.511 GiB free.
E: is CDROM (UDF)
I: is Removable
J: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP168: 5/14/2012 8:32:35 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Alocet PDF Writer
Amazon MP3 Downloader 1.0.15
Android-Sync v0.385
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
BeerSmith 2
Bing Bar
BlackBerry Desktop Software 6.1
Bonjour
Google Toolbar for Internet Explorer
GoToMeeting 4.8.0.723
iCloud
iTunes
Java Auto Updater
Java™ 6 Update 31
Malwarebytes Anti-Malware version 1.61.0.1400
Marshall Plan® Novel Writing Software
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Store Download Manager
MobileMe Control Panel
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MozyPro
Norton Utilities 15
PocketCloud Windows Companion
ProMash
QuickBooks
QuickBooks Contact Sync
QuickBooks Pro 2011
QuickTime
Realtek High Definition Audio Driver
RegZooka
Revo Uninstaller Pro 2.5.8
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.8
Soft Data Fax Modem with SmartCP
Star Trek Online
StrangeBrew
TightVNC 2.0.4
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
Windows Driver Package - Motorola (bqusbser) Modem (02/24/2009 1.1.0.0)
Windows Driver Package - Motorola (bqusbser) Ports (02/24/2009 1.1.0.0)
Windows Driver Package - Motorola (motandroidusb) USB (11/08/2011 1.2.9.0)
Windows Driver Package - Motorola (motccgp) USB (11/08/2011 3.1.2.0)
Windows Driver Package - Motorola (motmodem) Modem (11/08/2011 4.8.2.0)
Windows Driver Package - Motorola (Motousbnet) Net (07/01/2011 2.4.7.0)
Windows Driver Package - Motorola (motport) Ports (11/08/2011 4.8.2.0)
Windows Driver Package - Motorola (motusbdevice) USB (11/08/2011 1.1.0.0)
Windows Driver Package - Motorola Inc (MotDev) MOTUSB (11/08/2011 3.2.12.0)
Windows Driver Package - Motorola Net (11/08/2011 1.0.5.0)
ZumoCast
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 12:52:09 AM, Error: IPRIP [29012] - IPRIP was unable to bind a socket to IP address 74.197.174.183. The data is the error code.
5/8/2012 2:07:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/8/2012 2:07:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
5/14/2012 8:50:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/14/2012 8:35:07 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 8:31:39 AM, Error: Service Control Manager [7034] - The QuickBooksDB21 service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 7:51:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2012 7:51:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2012 7:51:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/14/2012 7:51:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/14/2012 7:51:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/14/2012 7:51:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/14/2012 7:51:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 discache eeCtrl IDSVix86 mozyproFilter spldr SRTSP SRTSPX SymIRON SymNetS truecrypt Wanarpv6
5/14/2012 12:46:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/14/2012 12:38:22 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
5/12/2012 9:42:16 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
5/11/2012 1:10:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================

RogueKiller.txt
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Lenard [Admin rights]
Mode: Scan -- Date: 05/14/2012 13:13:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @QBDataServiceUser21 : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x832E24E1 -> HOOKED (Unknown @ 0x867B3640)
SSDT[14] : NtAlertThread @ 0x8326AB0F -> HOOKED (Unknown @ 0x85EA3E80)
SSDT[19] : NtAllocateVirtualMemory @ 0x83217F65 -> HOOKED (Unknown @ 0x866211A0)
SSDT[22] : NtAlpcConnectPort @ 0x8322B26B -> HOOKED (Unknown @ 0x866C5DB8)
SSDT[43] : NtAssignProcessToJobObject @ 0x832837B4 -> HOOKED (Unknown @ 0x865FD248)
SSDT[74] : NtCreateMutant @ 0x8327A1CE -> HOOKED (Unknown @ 0x86600E88)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x831F9189 -> HOOKED (Unknown @ 0x866248B0)
SSDT[87] : NtCreateThread @ 0x832E0702 -> HOOKED (Unknown @ 0x867D72F0)
SSDT[88] : NtCreateThreadEx @ 0x83269801 -> HOOKED (Unknown @ 0x86600460)
SSDT[96] : NtDebugActiveProcess @ 0x832B2E88 -> HOOKED (Unknown @ 0x86600310)
SSDT[111] : NtDuplicateObject @ 0x832658B5 -> HOOKED (Unknown @ 0x86621370)
SSDT[131] : NtFreeVirtualMemory @ 0x8308B32E -> HOOKED (Unknown @ 0x86600D28)
SSDT[145] : NtImpersonateAnonymousToken @ 0x8325E236 -> HOOKED (Unknown @ 0x86600F90)
SSDT[147] : NtImpersonateThread @ 0x8323C252 -> HOOKED (Unknown @ 0x864B7250)
SSDT[155] : NtLoadDriver @ 0x831AF442 -> HOOKED (Unknown @ 0x86527058)
SSDT[168] : NtMapViewOfSection @ 0x83244B6D -> HOOKED (Unknown @ 0x86600C28)
SSDT[177] : NtOpenEvent @ 0x8323AF76 -> HOOKED (Unknown @ 0x866244E0)
SSDT[190] : NtOpenProcess @ 0x83226F07 -> HOOKED (Unknown @ 0x86621008)
SSDT[191] : NtOpenProcessToken @ 0x8326425D -> HOOKED (Unknown @ 0x86621290)
SSDT[194] : NtOpenSection @ 0x832739F0 -> HOOKED (Unknown @ 0x866FC008)
SSDT[198] : NtOpenThread @ 0x8327CAF8 -> HOOKED (Unknown @ 0x86621460)
SSDT[215] : NtProtectVirtualMemory @ 0x8324B483 -> HOOKED (Unknown @ 0x86600598)
SSDT[304] : NtResumeThread @ 0x83236EF5 -> HOOKED (Unknown @ 0x866210C0)
SSDT[316] : NtSetContextThread @ 0x832E1F8D -> HOOKED (Unknown @ 0x866006D0)
SSDT[333] : NtSetInformationProcess @ 0x8321528F -> HOOKED (Unknown @ 0x86600A58)
SSDT[350] : NtSetSystemInformation @ 0x831F2618 -> HOOKED (Unknown @ 0x866FCEC0)
SSDT[366] : NtSuspendProcess @ 0x832E241B -> HOOKED (Unknown @ 0x86624380)
SSDT[367] : NtSuspendThread @ 0x8329C333 -> HOOKED (Unknown @ 0x86624D10)
SSDT[370] : NtTerminateProcess @ 0x832273E6 -> HOOKED (Unknown @ 0x86621990)
SSDT[371] : NtTerminateThread @ 0x8323E936 -> HOOKED (Unknown @ 0x86600348)
SSDT[385] : NtUnmapViewOfSection @ 0x83267508 -> HOOKED (Unknown @ 0x86600B48)
SSDT[399] : NtWriteVirtualMemory @ 0x83257295 -> HOOKED (Unknown @ 0x86600DF8)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x871DC868)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x87036DE0)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x871EAB80)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x85E8E688)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x871ED648)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x871E8640)
S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x871EAAB0)
S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x871EA9E0)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x87036EE8)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x871E82B8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725040VLA380 ATA Device +++++
--- User ---
[MBR] fd8deb240bf8098a38ec337a10315105
[BSP] 4c00e8bb74ce040920247e26d3ccae2b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10032 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20547135 | Size: 371518 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4
MrCharlie

Please do this........

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC

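One way to triage the TDSSKiller report requested above, as an added example (not part of the original posts and not the tool's own code): it lists every entry that did not come back "ok" together with the action the post advises for that verdict. The first sample lines are copied from the report posted later in this thread, the rest are constructed; `triage`, `ADVISED` and the `exampledrv` entry are assumptions made for the illustration.

```python
import re
import sys

# Action advised in the post above for each TDSSKiller verdict.
ADVISED = {
    "UnsignedFile.Multi.Generic": "Skip",
    "LockedFile.Multi.Generic": "Skip",
    "TDSS File System": "Delete",
}
# Advice in the post for anything reported as malicious.
DEFAULT_ACTION = "Cure (Skip if Cure is not offered)"

# "<time> <thread id> <rest>" prefix carried by every log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<name> (<md5>) <path>": the object about to be checked.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok": clean result.
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> - detected <verdict> (<n>)": a finding.
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")

# Sample input. Lines up to hpqcxs08 are copied from the report in this
# thread; the DR0 and exampledrv lines are constructed in the same layout.
SAMPLE_LOG = r"""
14:02:17.0771 4400 Scan started
14:02:17.0771 4400 Mode: Manual; SigCheck; TDLFS;
14:02:20.0115 4400 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:02:20.0302 4400 1394ohci - ok
14:02:30.0125 4400 catchme - ok
14:02:35.0860 4400 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:02:35.0875 4400 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:02:35.0875 4400 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:03:00.0000 4400 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:03:00.0000 4400 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:03:01.0000 4400 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
14:03:01.0000 4400 exampledrv ( Example.Verdict.Placeholder ) - infected
14:03:01.0000 4400 exampledrv - detected Example.Verdict.Placeholder (0)
"""


def triage(log_text):
    """Split a TDSSKiller report into clean entries and findings."""
    objects = {}   # name -> (md5, path) from the object line
    ok = []        # names that came back "ok"
    no_file = []   # "ok" names that never had a file/hash line
    findings = []  # one dict per "detected" line
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        body = m.group(1).strip()
        if (o := OBJECT.match(body)):
            objects[o["name"]] = (o["md5"].lower(), o["path"])
        elif (d := DETECTED.match(body)):
            md5, path = objects.get(d["name"], (None, None))
            findings.append({
                "name": d["name"],
                "verdict": d["verdict"],
                "md5": md5,
                "path": path,
                "action": ADVISED.get(d["verdict"], DEFAULT_ACTION),
            })
        elif (k := OK.match(body)):
            ok.append(k["name"])
            if k["name"] not in objects:
                no_file.append(k["name"])
        # header lines and the "( verdict ) - warning" echo are ignored
    return {"ok": ok, "no_file": no_file, "findings": findings}


if __name__ == "__main__":
    # Optional argument: path to a saved report (assumed readable as text).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    result = triage(text)
    print(f"{len(result['ok'])} entries ok, {len(result['findings'])} findings")
    for f in result["findings"]:
        print(f"{f['name']}: {f['verdict']} -> {f['action']} [{f['path']}]")
    for name in result["no_file"]:
        print(f"{name}: marked ok but no file was listed for it")
```

Entries in `no_file` are services the tool marked "ok" without listing a file or hash, such as `catchme` and `COMSysApp` in the report below; the script only reports them and draws no conclusion.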

#5
LenardFleming

14:02:08.0193 5176 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:02:08.0974 5176 ============================================================
14:02:08.0974 5176 Current date / time: 2012/05/14 14:02:08.0974
14:02:08.0974 5176 SystemInfo:
14:02:08.0974 5176
14:02:08.0974 5176 OS Version: 6.1.7601 ServicePack: 1.0
14:02:08.0974 5176 Product type: Workstation
14:02:08.0974 5176 ComputerName: SERENITY
14:02:08.0974 5176 UserName: Lenard
14:02:08.0974 5176 Windows directory: C:\Windows
14:02:08.0974 5176 System windows directory: C:\Windows
14:02:08.0974 5176 Processor architecture: Intel x86
14:02:08.0974 5176 Number of processors: 2
14:02:08.0974 5176 Page size: 0x1000
14:02:08.0974 5176 Boot type: Normal boot
14:02:08.0974 5176 ============================================================
14:02:11.0958 5176 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:02:11.0974 5176 ============================================================
14:02:11.0974 5176 \Device\Harddisk0\DR0:
14:02:11.0974 5176 MBR partitions:
14:02:11.0974 5176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1398600
14:02:11.0974 5176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139863F, BlocksNum 0x2D59F682
14:02:11.0974 5176 ============================================================
14:02:12.0005 5176 C: <-> \Device\Harddisk0\DR0\Partition1
14:02:12.0021 5176 D: <-> \Device\Harddisk0\DR0\Partition0
14:02:12.0021 5176 ============================================================
14:02:12.0021 5176 Initialize success
14:02:12.0021 5176 ============================================================
14:02:17.0771 4400 ============================================================
14:02:17.0771 4400 Scan started
14:02:17.0771 4400 Mode: Manual; SigCheck; TDLFS;
14:02:17.0771 4400 ============================================================
14:02:20.0115 4400 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:02:20.0302 4400 1394ohci - ok
14:02:20.0333 4400 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:02:20.0365 4400 ACPI - ok
14:02:20.0412 4400 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:02:20.0505 4400 AcpiPmi - ok
14:02:20.0599 4400 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:02:20.0615 4400 AdobeARMservice - ok
14:02:20.0693 4400 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:02:20.0708 4400 AdobeFlashPlayerUpdateSvc - ok
14:02:20.0771 4400 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
14:02:20.0787 4400 adp94xx - ok
14:02:20.0833 4400 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
14:02:20.0849 4400 adpahci - ok
14:02:20.0865 4400 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
14:02:20.0896 4400 adpu320 - ok
14:02:20.0912 4400 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:02:21.0052 4400 AeLookupSvc - ok
14:02:21.0099 4400 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:02:21.0162 4400 AFD - ok
14:02:21.0177 4400 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:02:21.0208 4400 agp440 - ok
14:02:21.0240 4400 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
14:02:21.0255 4400 aic78xx - ok
14:02:21.0302 4400 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:02:21.0365 4400 ALG - ok
14:02:21.0380 4400 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:02:21.0412 4400 aliide - ok
14:02:21.0458 4400 AMD External Events Utility (f970ea885aefeb1b9eb97ca7f1eb226d) C:\Windows\system32\atiesrxx.exe
14:02:21.0521 4400 AMD External Events Utility - ok
14:02:21.0552 4400 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:02:21.0568 4400 amdagp - ok
14:02:21.0583 4400 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:02:21.0615 4400 amdide - ok
14:02:21.0646 4400 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
14:02:21.0677 4400 AmdK8 - ok
14:02:22.0068 4400 amdkmdag (ab70f110143892eb41aa46500aa5cf00) C:\Windows\system32\DRIVERS\atikmdag.sys
14:02:22.0380 4400 amdkmdag - ok
14:02:22.0474 4400 amdkmdap (32d68d05b871eed5572d0c2c764ea4ec) C:\Windows\system32\DRIVERS\atikmpag.sys
14:02:22.0537 4400 amdkmdap - ok
14:02:22.0568 4400 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
14:02:22.0599 4400 AmdPPM - ok
14:02:22.0708 4400 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:02:22.0755 4400 amdsata - ok
14:02:23.0068 4400 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
14:02:23.0115 4400 amdsbs - ok
14:02:23.0200 4400 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:02:23.0235 4400 amdxata - ok
14:02:23.0493 4400 AppHostSvc (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll
14:02:23.0696 4400 AppHostSvc - ok
14:02:23.0829 4400 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:02:23.0875 4400 AppID - ok
14:02:23.0907 4400 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:02:23.0969 4400 AppIDSvc - ok
14:02:23.0985 4400 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
14:02:24.0047 4400 Appinfo - ok
14:02:24.0422 4400 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:02:24.0485 4400 Apple Mobile Device - ok
14:02:24.0719 4400 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
14:02:24.0750 4400 arc - ok
14:02:24.0813 4400 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
14:02:24.0860 4400 arcsas - ok
14:02:25.0157 4400 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:02:25.0235 4400 aspnet_state - ok
14:02:25.0282 4400 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:02:26.0000 4400 AsyncMac - ok
14:02:26.0141 4400 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:02:26.0157 4400 atapi - ok
14:02:26.0250 4400 atashost (da1b3ad3b06d5ded23f8e1a806731809) C:\Windows\system32\atashost.exe
14:02:26.0297 4400 atashost - ok
14:02:26.0469 4400 AtiHdmiService (f48d470154cc58cd6520771464fbec3f) C:\Windows\system32\drivers\AtiHdmi.sys
14:02:26.0579 4400 AtiHdmiService - ok
14:02:26.0938 4400 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:02:26.0985 4400 AudioEndpointBuilder - ok
14:02:27.0000 4400 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:02:27.0032 4400 Audiosrv - ok
14:02:27.0188 4400 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
14:02:27.0375 4400 AxInstSV - ok
14:02:27.0735 4400 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
14:02:27.0829 4400 b06bdrv - ok
14:02:27.0922 4400 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:02:27.0969 4400 b57nd60x - ok
14:02:28.0079 4400 BBSvc (c68ef736cb6e92e885b9a085536b8c6f) C:\Program Files\Microsoft\BingBar\7.1.352.0\BBSvc.exe
14:02:28.0110 4400 BBSvc - ok
14:02:28.0125 4400 BBUpdate (d4b0ee780cf3c1918a8ff65865d3b91f) C:\Program Files\Microsoft\BingBar\7.1.352.0\SeaPort.exe
14:02:28.0172 4400 BBUpdate - ok
14:02:28.0204 4400 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
14:02:28.0235 4400 BcmSqlStartupSvc - ok
14:02:28.0266 4400 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:02:28.0329 4400 BDESVC - ok
14:02:28.0360 4400 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:02:28.0407 4400 Beep - ok
14:02:28.0469 4400 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
14:02:28.0516 4400 BFE - ok
14:02:28.0704 4400 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
14:02:28.0750 4400 BHDrvx86 - ok
14:02:28.0844 4400 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
14:02:28.0922 4400 BITS - ok
14:02:28.0954 4400 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:02:29.0000 4400 blbdrive - ok
14:02:29.0063 4400 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:02:29.0094 4400 Bonjour Service - ok
14:02:29.0141 4400 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:02:29.0204 4400 bowser - ok
14:02:29.0235 4400 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
14:02:29.0266 4400 BrFiltLo - ok
14:02:29.0282 4400 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
14:02:29.0329 4400 BrFiltUp - ok
14:02:29.0360 4400 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
14:02:29.0422 4400 BridgeMP - ok
14:02:29.0454 4400 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
14:02:29.0500 4400 Browser - ok
14:02:29.0547 4400 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:02:29.0641 4400 Brserid - ok
14:02:29.0657 4400 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:02:29.0688 4400 BrSerWdm - ok
14:02:29.0704 4400 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:02:29.0735 4400 BrUsbMdm - ok
14:02:29.0750 4400 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:02:29.0797 4400 BrUsbSer - ok
14:02:29.0829 4400 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
14:02:29.0907 4400 BTCFilterService - ok
14:02:29.0922 4400 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
14:02:29.0969 4400 BTHMODEM - ok
14:02:30.0000 4400 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:02:30.0047 4400 bthserv - ok
14:02:30.0125 4400 catchme - ok
14:02:30.0219 4400 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602000.009\ccSetx86.sys
14:02:30.0235 4400 ccSet_N360 - ok
14:02:30.0297 4400 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:02:30.0329 4400 cdfs - ok
14:02:30.0391 4400 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
14:02:30.0422 4400 cdrom - ok
14:02:30.0454 4400 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:02:30.0500 4400 CertPropSvc - ok
14:02:30.0516 4400 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
14:02:30.0547 4400 circlass - ok
14:02:30.0563 4400 CISVC (3e2afafa158c9ed670c106842bdcc81e) C:\Windows\system32\CISVC.EXE
14:02:30.0610 4400 CISVC - ok
14:02:30.0641 4400 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:02:30.0657 4400 CLFS - ok
14:02:30.0735 4400 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:02:30.0750 4400 clr_optimization_v2.0.50727_32 - ok
14:02:30.0813 4400 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:02:30.0860 4400 clr_optimization_v4.0.30319_32 - ok
14:02:30.0875 4400 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
14:02:30.0907 4400 CmBatt - ok
14:02:30.0922 4400 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:02:30.0954 4400 cmdide - ok
14:02:30.0985 4400 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
14:02:31.0032 4400 CNG - ok
14:02:31.0032 4400 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
14:02:31.0047 4400 Compbatt - ok
14:02:31.0094 4400 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:02:31.0125 4400 CompositeBus - ok
14:02:31.0141 4400 COMSysApp - ok
14:02:31.0172 4400 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
14:02:31.0188 4400 crcdisk - ok
14:02:31.0250 4400 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
14:02:31.0282 4400 CryptSvc - ok
14:02:31.0313 4400 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:02:31.0360 4400 DcomLaunch - ok
14:02:31.0391 4400 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:02:31.0438 4400 defragsvc - ok
14:02:31.0469 4400 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:02:31.0516 4400 DfsC - ok
14:02:31.0579 4400 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
14:02:31.0625 4400 Dhcp - ok
14:02:31.0672 4400 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:02:31.0719 4400 discache - ok
14:02:31.0750 4400 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
14:02:31.0766 4400 Disk - ok
14:02:31.0907 4400 DiskDoctorService (7c85cc5570bf718d2b9ad9f53b1b5b55) C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
14:02:31.0938 4400 DiskDoctorService - ok
14:02:31.0969 4400 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
14:02:32.0000 4400 Dnscache - ok
14:02:32.0032 4400 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
14:02:32.0079 4400 dot3svc - ok
14:02:32.0125 4400 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
14:02:32.0172 4400 Dot4 - ok
14:02:32.0204 4400 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:02:32.0235 4400 Dot4Print - ok
14:02:32.0235 4400 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
14:02:32.0266 4400 dot4usb - ok
14:02:32.0282 4400 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
14:02:32.0329 4400 DPS - ok
14:02:32.0375 4400 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:02:32.0391 4400 drmkaud - ok
14:02:32.0454 4400 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:02:32.0485 4400 DXGKrnl - ok
14:02:32.0500 4400 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
14:02:32.0547 4400 EapHost - ok
14:02:32.0688 4400 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
14:02:32.0797 4400 ebdrv - ok
14:02:32.0875 4400 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:02:32.0907 4400 eeCtrl - ok
14:02:32.0985 4400 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
14:02:33.0063 4400 EFS - ok
14:02:33.0110 4400 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
14:02:33.0157 4400 ehRecvr - ok
14:02:33.0172 4400 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
14:02:33.0204 4400 ehSched - ok
14:02:33.0266 4400 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
14:02:33.0297 4400 elxstor - ok
14:02:33.0391 4400 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:02:33.0422 4400 EraserUtilRebootDrv - ok
14:02:33.0438 4400 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:02:33.0469 4400 ErrDev - ok
14:02:33.0516 4400 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
14:02:33.0563 4400 EventSystem - ok
14:02:33.0594 4400 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:02:33.0625 4400 exfat - ok
14:02:33.0657 4400 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:02:33.0704 4400 fastfat - ok
14:02:33.0766 4400 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
14:02:33.0844 4400 Fax - ok
14:02:33.0860 4400 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
14:02:33.0891 4400 fdc - ok
14:02:33.0907 4400 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
14:02:33.0954 4400 fdPHost - ok
14:02:33.0985 4400 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
14:02:34.0016 4400 FDResPub - ok
14:02:34.0047 4400 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:02:34.0063 4400 FileInfo - ok
14:02:34.0079 4400 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:02:34.0125 4400 Filetrace - ok
14:02:34.0141 4400 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
14:02:34.0172 4400 flpydisk - ok
14:02:34.0266 4400 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:02:34.0282 4400 FltMgr - ok
14:02:34.0407 4400 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
14:02:34.0500 4400 FontCache - ok
14:02:34.0579 4400 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:02:34.0594 4400 FontCache3.0.0.0 - ok
14:02:34.0610 4400 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:02:34.0641 4400 FsDepends - ok
14:02:34.0657 4400 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
14:02:34.0688 4400 Fs_Rec - ok
14:02:34.0735 4400 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:02:34.0750 4400 fvevol - ok
14:02:34.0782 4400 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
14:02:34.0813 4400 gagp30kx - ok
14:02:34.0829 4400 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:02:34.0844 4400 GEARAspiWDM - ok
14:02:34.0875 4400 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
14:02:34.0938 4400 gpsvc - ok
14:02:35.0016 4400 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:02:35.0032 4400 gusvc - ok
14:02:35.0047 4400 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:02:35.0094 4400 hcw85cir - ok
14:02:35.0157 4400 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:02:35.0204 4400 HdAudAddService - ok
14:02:35.0250 4400 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:02:35.0266 4400 HDAudBus - ok
14:02:35.0297 4400 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
14:02:35.0313 4400 HidBatt - ok
14:02:35.0329 4400 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
14:02:35.0375 4400 HidBth - ok
14:02:35.0407 4400 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
14:02:35.0422 4400 HidIr - ok
14:02:35.0454 4400 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
14:02:35.0500 4400 hidserv - ok
14:02:35.0547 4400 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:02:35.0579 4400 HidUsb - ok
14:02:35.0594 4400 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
14:02:35.0625 4400 hkmsvc - ok
14:02:35.0641 4400 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
14:02:35.0704 4400 HomeGroupListener - ok
14:02:35.0719 4400 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
14:02:35.0766 4400 HomeGroupProvider - ok
14:02:35.0860 4400 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:02:35.0875 4400 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:02:35.0875 4400 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:02:35.0969 4400 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:02:36.0000 4400 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:02:36.0000 4400 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:02:36.0032 4400 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:02:36.0047 4400 HpSAMD - ok
14:02:36.0125 4400 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:02:36.0204 4400 HSF_DPV - ok
14:02:36.0219 4400 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
14:02:36.0266 4400 HSXHWBS2 - ok
14:02:36.0329 4400 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:02:36.0360 4400 HTTP - ok
14:02:36.0375 4400 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:02:36.0391 4400 hwpolicy - ok
14:02:36.0422 4400 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:02:36.0454 4400 i8042prt - ok
14:02:36.0516 4400 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:02:36.0547 4400 iaStorV - ok
14:02:36.0641 4400 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:02:36.0672 4400 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:02:36.0672 4400 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:02:36.0782 4400 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:02:36.0829 4400 idsvc - ok
14:02:36.0969 4400 IDSVix86 (f9069ce7a7b9f9ba75d009b0ce3d7601) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120511.001\IDSvix86.sys
14:02:37.0000 4400 IDSVix86 - ok
14:02:37.0079 4400 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
14:02:37.0110 4400 iirsp - ok
14:02:37.0172 4400 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
14:02:37.0250 4400 IKEEXT - ok
14:02:37.0375 4400 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
14:02:37.0422 4400 IntcAzAudAddService - ok
14:02:37.0532 4400 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:02:37.0563 4400 intelide - ok
14:02:37.0594 4400 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:02:37.0625 4400 intelppm - ok
14:02:37.0657 4400 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:02:37.0688 4400 IPBusEnum - ok
14:02:37.0704 4400 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:02:37.0750 4400 IpFilterDriver - ok
14:02:37.0797 4400 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
14:02:37.0844 4400 iphlpsvc - ok
14:02:37.0875 4400 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:02:37.0891 4400 IPMIDRV - ok
14:02:37.0922 4400 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:02:37.0969 4400 IPNAT - ok
14:02:38.0063 4400 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
14:02:38.0110 4400 iPod Service - ok
14:02:38.0141 4400 iprip (72dd56197db4af4de203efe0d9e5901e) C:\Windows\System32\iprip.dll
14:02:38.0172 4400 iprip - ok
14:02:38.0297 4400 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:02:38.0344 4400 IRENUM - ok
14:02:38.0391 4400 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:02:38.0422 4400 isapnp - ok
14:02:38.0610 4400 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:02:38.0657 4400 iScsiPrt - ok
14:02:38.0766 4400 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:02:38.0797 4400 kbdclass - ok
14:02:38.0907 4400 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
14:02:38.0954 4400 kbdhid - ok
14:02:39.0032 4400 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:02:39.0063 4400 KeyIso - ok
14:02:39.0094 4400 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
14:02:39.0125 4400 KSecDD - ok
14:02:39.0157 4400 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
14:02:39.0172 4400 KSecPkg - ok
14:02:39.0219 4400 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:02:39.0266 4400 KtmRm - ok
14:02:39.0360 4400 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
14:02:39.0422 4400 LanmanServer - ok
14:02:39.0454 4400 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
14:02:39.0500 4400 LanmanWorkstation - ok
14:02:39.0547 4400 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:02:39.0594 4400 lltdio - ok
14:02:39.0610 4400 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:02:39.0657 4400 lltdsvc - ok
14:02:39.0672 4400 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:02:39.0719 4400 lmhosts - ok
14:02:39.0750 4400 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
14:02:39.0782 4400 LSI_FC - ok
14:02:39.0813 4400 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
14:02:39.0844 4400 LSI_SAS - ok
14:02:39.0860 4400 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
14:02:39.0875 4400 LSI_SAS2 - ok
14:02:39.0907 4400 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
14:02:39.0922 4400 LSI_SCSI - ok
14:02:39.0938 4400 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:02:40.0000 4400 luafv - ok
14:02:40.0016 4400 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:02:40.0032 4400 MBAMProtector - ok
14:02:40.0125 4400 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:02:40.0157 4400 MBAMService - ok
14:02:40.0219 4400 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
14:02:40.0313 4400 Mcx2Svc - ok
14:02:40.0360 4400 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:02:40.0422 4400 mdmxsdk - ok
14:02:40.0547 4400 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
14:02:40.0594 4400 megasas - ok
14:02:40.0782 4400 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
14:02:40.0813 4400 MegaSR - ok
14:02:40.0985 4400 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:02:41.0000 4400 Microsoft Office Groove Audit Service - ok
14:02:41.0063 4400 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:02:41.0125 4400 MMCSS - ok
14:02:41.0157 4400 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:02:41.0219 4400 Modem - ok
14:02:41.0282 4400 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:02:41.0313 4400 monitor - ok
14:02:41.0344 4400 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\Windows\system32\Drivers\motoandroid.sys
14:02:41.0438 4400 motandroidusb - ok
14:02:41.0469 4400 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\Windows\system32\DRIVERS\motccgp.sys
14:02:41.0532 4400 motccgp - ok
14:02:41.0563 4400 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
14:02:41.0610 4400 motccgpfl - ok
14:02:41.0625 4400 motmodem (69814acd50a9d6d28296050ef6215d46) C:\Windows\system32\DRIVERS\motmodem.sys
14:02:41.0704 4400 motmodem - ok
14:02:41.0719 4400 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
14:02:41.0735 4400 MotoSwitchService - ok
14:02:41.0750 4400 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
14:02:41.0782 4400 Motousbnet - ok
14:02:41.0813 4400 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:02:41.0829 4400 mouclass - ok
14:02:41.0860 4400 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:02:41.0891 4400 mouhid - ok
14:02:41.0907 4400 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:02:41.0922 4400 mountmgr - ok
14:02:41.0985 4400 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:02:42.0032 4400 MozillaMaintenance - ok
14:02:42.0079 4400 mozyprobackup (bfef4138a016fab92f6d255416a9c967) C:\Program Files\MozyPro\mozyprobackup.exe
14:02:42.0094 4400 mozyprobackup - ok
14:02:42.0125 4400 mozyproFilter (7f4e5e7bbae245616c28a53b94dd7ddb) C:\Windows\system32\DRIVERS\mozypro.sys
14:02:42.0141 4400 mozyproFilter - ok
14:02:42.0157 4400 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:02:42.0188 4400 mpio - ok
14:02:42.0219 4400 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:02:42.0250 4400 mpsdrv - ok
14:02:42.0313 4400 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
14:02:42.0360 4400 MpsSvc - ok
14:02:42.0375 4400 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:02:42.0422 4400 MRxDAV - ok
14:02:42.0469 4400 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:02:42.0516 4400 mrxsmb - ok
14:02:42.0532 4400 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:02:42.0563 4400 mrxsmb10 - ok
14:02:42.0579 4400 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:02:42.0610 4400 mrxsmb20 - ok
14:02:42.0625 4400 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:02:42.0657 4400 msahci - ok
14:02:42.0672 4400 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:02:42.0688 4400 msdsm - ok
14:02:42.0719 4400 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:02:42.0750 4400 MSDTC - ok
14:02:42.0782 4400 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:02:42.0813 4400 Msfs - ok
14:02:42.0829 4400 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:02:42.0875 4400 mshidkmdf - ok
14:02:42.0891 4400 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:02:42.0907 4400 msisadrv - ok
14:02:42.0938 4400 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:02:43.0000 4400 MSiSCSI - ok
14:02:43.0000 4400 msiserver - ok
14:02:43.0047 4400 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:02:43.0094 4400 MSKSSRV - ok
14:02:43.0125 4400 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:02:43.0188 4400 MSPCLOCK - ok
14:02:43.0204 4400 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:02:43.0235 4400 MSPQM - ok
14:02:43.0266 4400 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:02:43.0282 4400 MsRPC - ok
14:02:43.0297 4400 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
14:02:43.0313 4400 mssmbios - ok
14:02:43.0375 4400 MSSQL$MSSMLBIZ - ok
14:02:43.0391 4400 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:02:43.0422 4400 MSSQLServerADHelper - ok
14:02:43.0454 4400 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:02:43.0485 4400 MSTEE - ok
14:02:43.0516 4400 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
14:02:43.0547 4400 MTConfig - ok
14:02:43.0563 4400 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:02:43.0579 4400 Mup - ok
14:02:43.0625 4400 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
14:02:43.0657 4400 N360 - ok
14:02:43.0688 4400 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
14:02:43.0735 4400 napagent - ok
14:02:43.0782 4400 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:02:43.0829 4400 NativeWifiP - ok
14:02:44.0016 4400 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120513.007\NAVENG.SYS
14:02:44.0032 4400 NAVENG - ok
14:02:44.0125 4400 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120513.007\NAVEX15.SYS
14:02:44.0188 4400 NAVEX15 - ok
14:02:44.0313 4400 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:02:44.0360 4400 NDIS - ok
14:02:44.0375 4400 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:02:44.0422 4400 NdisCap - ok
14:02:44.0454 4400 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:02:44.0516 4400 NdisTapi - ok
14:02:44.0532 4400 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:02:44.0579 4400 Ndisuio - ok
14:02:44.0610 4400 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:02:44.0657 4400 NdisWan - ok
14:02:44.0657 4400 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:02:44.0688 4400 NDProxy - ok
14:02:44.0719 4400 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:02:44.0782 4400 NetBIOS - ok
14:02:44.0797 4400 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:02:44.0844 4400 NetBT - ok
14:02:44.0860 4400 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:02:44.0875 4400 Netlogon - ok
14:02:44.0938 4400 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
14:02:44.0969 4400 Netman - ok
14:02:45.0063 4400 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:02:45.0094 4400 NetMsmqActivator - ok
14:02:45.0094 4400 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:02:45.0125 4400 NetPipeActivator - ok
14:02:45.0172 4400 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
14:02:45.0235 4400 netprofm - ok
14:02:45.0250 4400 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:02:45.0266 4400 NetTcpActivator - ok
14:02:45.0266 4400 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:02:45.0282 4400 NetTcpPortSharing - ok
14:02:45.0329 4400 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
14:02:45.0344 4400 nfrd960 - ok
14:02:45.0375 4400 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
14:02:45.0422 4400 NlaSvc - ok
14:02:45.0438 4400 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:02:45.0485 4400 Npfs - ok
14:02:45.0500 4400 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
14:02:45.0547 4400 nsi - ok
14:02:45.0563 4400 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:02:45.0610 4400 nsiproxy - ok
14:02:45.0688 4400 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:02:45.0750 4400 Ntfs - ok
14:02:45.0844 4400 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:02:45.0891 4400 Null - ok
14:02:45.0922 4400 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:02:45.0954 4400 nvraid - ok
14:02:45.0985 4400 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:02:46.0016 4400 nvstor - ok
14:02:46.0032 4400 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:02:46.0047 4400 nv_agp - ok
14:02:46.0125 4400 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:02:46.0157 4400 odserv - ok
14:02:46.0235 4400 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:02:46.0282 4400 ohci1394 - ok
14:02:46.0329 4400 ose (067db5b067722997fcafe1858163d411) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:02:46.0344 4400 ose - ok
14:02:46.0391 4400 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:02:46.0469 4400 p2pimsvc - ok
14:02:46.0516 4400 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
14:02:46.0532 4400 p2psvc - ok
14:02:46.0594 4400 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:02:46.0610 4400 Parport - ok
14:02:46.0657 4400 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
14:02:46.0672 4400 partmgr - ok
14:02:46.0688 4400 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:02:46.0719 4400 Parvdm - ok
14:02:46.0750 4400 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
14:02:46.0782 4400 PcaSvc - ok
14:02:46.0797 4400 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:02:46.0829 4400 pci - ok
14:02:46.0844 4400 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:02:46.0860 4400 pciide - ok
14:02:46.0891 4400 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
14:02:46.0922 4400 pcmcia - ok
14:02:46.0922 4400 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:02:46.0954 4400 pcw - ok
14:02:47.0000 4400 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:02:47.0047 4400 PEAUTH - ok
14:02:47.0141 4400 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
14:02:47.0219 4400 pla - ok
14:02:47.0313 4400 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
14:02:47.0375 4400 PlugPlay - ok
14:02:47.0407 4400 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
14:02:47.0438 4400 PNRPAutoReg - ok
14:02:47.0454 4400 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:02:47.0485 4400 PNRPsvc - ok
14:02:47.0516 4400 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
14:02:47.0563 4400 PolicyAgent - ok
14:02:47.0594 4400 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
14:02:47.0625 4400 Power - ok
14:02:47.0672 4400 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:02:47.0735 4400 PptpMiniport - ok
14:02:47.0750 4400 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
14:02:47.0766 4400 Processor - ok
14:02:47.0797 4400 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
14:02:47.0829 4400 ProfSvc - ok
14:02:47.0844 4400 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:02:47.0875 4400 ProtectedStorage - ok
14:02:47.0907 4400 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:02:47.0954 4400 Psched - ok
14:02:48.0016 4400 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys
14:02:48.0032 4400 PSSDK42 - ok
14:02:48.0047 4400 PSSDKLBF (0bec7b42f4093400509821c63f13f1d5) C:\Windows\system32\Drivers\pssdklbf.sys
14:02:48.0063 4400 PSSDKLBF - ok
14:02:48.0141 4400 QBCFMonitorService (5fa5863e603426b0b52762492a032dee) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
14:02:48.0188 4400 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
14:02:48.0188 4400 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
14:02:48.0266 4400 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
14:02:48.0313 4400 QBFCService ( UnsignedFile.Multi.Generic ) - warning
14:02:48.0313 4400 QBFCService - detected UnsignedFile.Multi.Generic (1)
14:02:48.0407 4400 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
14:02:48.0469 4400 QBVSS ( UnsignedFile.Multi.Generic ) - warning
14:02:48.0469 4400 QBVSS - detected UnsignedFile.Multi.Generic (1)
14:02:48.0610 4400 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
14:02:48.0657 4400 ql2300 - ok
14:02:48.0688 4400 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
14:02:48.0719 4400 ql40xx - ok
14:02:48.0782 4400 QuickBooksDB21 - ok
14:02:48.0813 4400 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
14:02:48.0844 4400 QWAVE - ok
14:02:48.0860 4400 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:02:48.0891 4400 QWAVEdrv - ok
14:02:48.0907 4400 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:02:48.0954 4400 RasAcd - ok
14:02:49.0000 4400 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:02:49.0032 4400 RasAgileVpn - ok
14:02:49.0063 4400 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
14:02:49.0110 4400 RasAuto - ok
14:02:49.0125 4400 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:02:49.0172 4400 Rasl2tp - ok
14:02:49.0204 4400 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
14:02:49.0266 4400 RasMan - ok
14:02:49.0297 4400 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:02:49.0344 4400 RasPppoe - ok
14:02:49.0360 4400 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:02:49.0407 4400 RasSstp - ok
14:02:49.0422 4400 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:02:49.0485 4400 rdbss - ok
14:02:49.0500 4400 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
14:02:49.0532 4400 rdpbus - ok
14:02:49.0532 4400 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:02:49.0579 4400 RDPCDD - ok
14:02:49.0594 4400 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:02:49.0641 4400 RDPENCDD - ok
14:02:49.0641 4400 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:02:49.0688 4400 RDPREFMP - ok
14:02:49.0719 4400 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
14:02:49.0782 4400 RDPWD - ok
14:02:49.0813 4400 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:02:49.0844 4400 rdyboost - ok
14:02:49.0860 4400 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
14:02:49.0907 4400 RemoteAccess - ok
14:02:49.0922 4400 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
14:02:49.0954 4400 RemoteRegistry - ok
14:02:49.0985 4400 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
14:02:50.0000 4400 Revoflt - ok
14:02:50.0047 4400 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
14:02:50.0094 4400 RimUsb - ok
14:02:50.0141 4400 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
14:02:50.0204 4400 RimVSerPort - ok
14:02:50.0219 4400 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
14:02:50.0266 4400 ROOTMODEM - ok
14:02:50.0282 4400 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
14:02:50.0329 4400 RpcEptMapper - ok
14:02:50.0375 4400 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
14:02:50.0407 4400 RpcLocator - ok
14:02:50.0563 4400 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:02:50.0610 4400 RpcSs - ok
14:02:50.0641 4400 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:02:50.0704 4400 rspndr - ok
14:02:50.0813 4400 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
14:02:50.0891 4400 RTL8023xp - ok
14:02:50.0907 4400 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:02:50.0922 4400 SamSs - ok
14:02:50.0969 4400 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:02:50.0985 4400 sbp2port - ok
14:02:51.0016 4400 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
14:02:51.0079 4400 SCardSvr - ok
14:02:51.0094 4400 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:02:51.0141 4400 scfilter - ok
14:02:51.0172 4400 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
14:02:51.0235 4400 Schedule - ok
14:02:51.0250 4400 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:02:51.0282 4400 SCPolicySvc - ok
14:02:51.0329 4400 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
14:02:51.0407 4400 SDRSVC - ok
14:02:51.0438 4400 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:02:51.0485 4400 secdrv - ok
14:02:51.0500 4400 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
14:02:51.0563 4400 seclogon - ok
14:02:51.0594 4400 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
14:02:51.0641 4400 SENS - ok
14:02:51.0672 4400 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
14:02:51.0750 4400 SensrSvc - ok
14:02:51.0797 4400 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:02:51.0813 4400 Serenum - ok
14:02:51.0829 4400 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:02:51.0844 4400 Serial - ok
14:02:51.0860 4400 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
14:02:51.0891 4400 sermouse - ok
14:02:51.0922 4400 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
14:02:51.0969 4400 SessionEnv - ok
14:02:51.0985 4400 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:02:52.0016 4400 sffdisk - ok
14:02:52.0047 4400 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:02:52.0063 4400 sffp_mmc - ok
14:02:52.0079 4400 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:02:52.0110 4400 sffp_sd - ok
14:02:52.0125 4400 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
14:02:52.0141 4400 sfloppy - ok
14:02:52.0172 4400 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
14:02:52.0235 4400 SharedAccess - ok
14:02:52.0282 4400 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
14:02:52.0313 4400 ShellHWDetection - ok
14:02:52.0329 4400 simptcp (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe
14:02:52.0360 4400 simptcp - ok
14:02:52.0375 4400 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:02:52.0391 4400 sisagp - ok
14:02:52.0438 4400 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
14:02:52.0469 4400 SiSRaid2 - ok
14:02:52.0485 4400 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
14:02:52.0500 4400 SiSRaid4 - ok
14:02:52.0563 4400 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
14:02:52.0579 4400 SkypeUpdate - ok
14:02:52.0625 4400 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:02:52.0657 4400 Smb - ok
14:02:52.0688 4400 SNMP (8f5171c837e64ff0ac48f0a29dd9e180) C:\Windows\System32\snmp.exe
14:02:52.0766 4400 SNMP - ok
14:02:52.0813 4400 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
14:02:52.0829 4400 SNMPTRAP - ok
14:02:52.0954 4400 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
14:02:53.0000 4400 SpeedDiskService - ok
14:02:53.0032 4400 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:02:53.0047 4400 spldr - ok
14:02:53.0094 4400 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
14:02:53.0157 4400 Spooler - ok
14:02:53.0485 4400 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
14:02:53.0579 4400 sppsvc - ok
14:02:53.0688 4400 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
14:02:53.0719 4400 sppuinotify - ok
14:02:53.0782 4400 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:02:53.0797 4400 SQLBrowser - ok
14:02:53.0829 4400 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:02:53.0844 4400 SQLWriter - ok
14:02:53.0954 4400 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602000.009\SRTSP.SYS
14:02:53.0985 4400 SRTSP - ok
14:02:54.0000 4400 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602000.009\SRTSPX.SYS
14:02:54.0016 4400 SRTSPX - ok
14:02:54.0047 4400 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:02:54.0110 4400 srv - ok
14:02:54.0141 4400 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:02:54.0204 4400 srv2 - ok
14:02:54.0235 4400 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:02:54.0282 4400 srvnet - ok
14:02:54.0313 4400 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
14:02:54.0360 4400 SSDPSRV - ok
14:02:54.0422 4400 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
14:02:54.0485 4400 SstpSvc - ok
14:02:54.0516 4400 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
14:02:54.0532 4400 stexstor - ok
14:02:54.0594 4400 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
14:02:54.0641 4400 StiSvc - ok
14:02:54.0657 4400 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
14:02:54.0672 4400 swenum - ok
14:02:54.0719 4400 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
14:02:54.0766 4400 swprv - ok
14:02:54.0891 4400 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
14:02:54.0922 4400 Symantec RemoteAssist - ok
14:02:55.0000 4400 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602000.009\SYMDS.SYS
14:02:55.0032 4400 SymDS - ok
14:02:55.0079 4400 SymDSMon (4c155fa65cbf81513e4b9d088737e9cf) C:\Windows\system32\drivers\SymDSMon.sys
14:02:55.0094 4400 SymDSMon - ok
14:02:55.0141 4400 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602000.009\SYMEFA.SYS
14:02:55.0172 4400 SymEFA - ok
14:02:55.0219 4400 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
14:02:55.0235 4400 SymEvent - ok
14:02:55.0282 4400 SymIM (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys
14:02:55.0313 4400 SymIM - ok
14:02:55.0344 4400 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602000.009\Ironx86.SYS
14:02:55.0375 4400 SymIRON - ok
14:02:55.0422 4400 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\N360\0602000.009\SYMNETS.SYS
14:02:55.0454 4400 SymNetS - ok
14:02:55.0485 4400 SYMSpeedDisk (e9983667331d463f1e5b34f9170a9ae0) C:\Windows\system32\drivers\SymSpeedDisk.sys
14:02:55.0500 4400 SYMSpeedDisk - ok
14:02:55.0563 4400 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
14:02:55.0610 4400 SysMain - ok
14:02:55.0625 4400 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
14:02:55.0657 4400 TabletInputService - ok
14:02:55.0688 4400 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
14:02:55.0735 4400 TapiSrv - ok
14:02:55.0766 4400 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
14:02:55.0813 4400 TBS - ok
14:02:55.0891 4400 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
14:02:55.0938 4400 Tcpip - ok
14:02:56.0079 4400 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
14:02:56.0125 4400 TCPIP6 - ok
14:02:56.0172 4400 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:02:56.0204 4400 tcpipreg - ok
14:02:56.0235 4400 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:02:56.0250 4400 TDPIPE - ok
14:03:04.0032 4400 ============================================================
14:03:04.0032 4400 Scan finished
14:03:04.0032 4400 ============================================================
14:03:04.0047 4172 Detected object count: 6
14:03:04.0047 4172 Actual detected object count: 6
14:03:10.0547 4172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0547 4172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0547 4172 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0547 4172 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0547 4172 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0547 4172 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0563 4172 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0563 4172 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0563 4172 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0563 4172 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0563 4172 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0563 4172 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6
MrCharlie

That's clean.

Can you post the log from ComboFix?

Then delete your copy of ComboFix and download and run a fresh one as outlined in the link below:


The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.
MrC


#7
LenardFleming

File was too long to post. Zipped it and attached:

Attached Files



#8
LenardFleming

Well something seems to be working...not sure which step did it, probably a bit of all. The alerts have stopped coming in a mad rush...haven't noticed any in some time now, since we began this process....Will re-run ComboFix and post log file here ASAP. Thanks again.

#9
LenardFleming

Second ComboFix.txt File:

Attached Files



#10
MrCharlie

Everything looks OK, you know you can't stop "incoming", sounds like MB is doing its job here.

MrC


#11
LenardFleming

Alrighty then, thanks once more for the help! BTW, just because I'm not too swift on all of this, what do you think it was? The alerts kept saying that MWB had "Blocked Access to a [potentially] malicious website" - as if my machine was placing the call, and mentioned "TCPSVCS.EXE" along with the IP address. I'd just like to know what to look for in the future.

#12
MrCharlie

OK, open up MB and click on the "logs" tab, open up the latest protection log, copy and paste it back here.

MrC


#13
MrCharlie

How are we doing??

Do you still need help or can I close this post??

MrC


#14
LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,091 posts
  • Gender:Male
  • Location:Missouri, USA
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Consumer Support Specialist
