
Needing someone to look at this..



Wife downloaded something and got a browser hijack, which I do believe is gone. Would appreciate it very much if someone would look at this log file for me.

Thanks..

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:15:12 PM, on 6/17/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17006)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O20 - AppInit_DLLs:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9969 bytes


Welcome to the forum. HJT is no longer used... please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


DDS log:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by aaron's at 1:12:49 on 2012-06-19

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2039 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: DhcpNameServer = 216.220.3.205 216.220.3.204

TCP: Interfaces\{4ACC5026-0964-49B7-8181-F782528441BA} : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{6770BB12-71B9-4564-81E4-FFB8EC3F9856} : DhcpNameServer = 216.220.3.205 216.220.3.204

AppInit_DLLs:

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64:

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\aaron's\AppData\Roaming\Mozilla\Firefox\Profiles\3n825qi4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\aaron's\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-3-31 92160]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2012-2-27 126392]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-1 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-1 257696]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-1 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-1 113120]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-18 04:48:31 -------- d-----w- C:\Users\aaron's\AppData\Roaming\Malwarebytes

2012-06-18 04:48:24 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-18 04:48:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-18 04:48:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-18 04:03:34 388096 ----a-r- C:\Users\aaron's\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-18 04:03:34 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-06-17 03:42:23 -------- d-----w- C:\Users\aaron's\AppData\Roaming\PC Speed Maximizer

2012-06-17 03:24:09 -------- d-----w- C:\Users\aaron's\AppData\Roaming\.purple

2012-06-17 03:22:03 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer

2012-06-17 03:21:59 -------- d-----w- C:\Users\aaron's\AppData\Local\antiphishing-vmninternethelper1_1dn

2012-06-17 03:21:59 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor

2012-06-17 03:21:48 -------- d-----w- C:\ProgramData\Tarma Installer

2012-06-17 00:22:17 -------- d-----w- C:\Users\aaron's\AppData\Roaming\XBMC

2012-06-17 00:20:55 -------- d-----w- C:\Program Files (x86)\XBMC

2012-06-17 00:20:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5636211A-21C5-41E6-B3C5-F2FAB8306557}\offreg.dll

2012-06-17 00:19:25 -------- d-----w- C:\Users\aaron's\AppData\Local\jZip

2012-06-17 00:19:10 -------- d-----w- C:\ProgramData\boost_interprocess

2012-06-17 00:19:03 -------- d-----w- C:\Program Files (x86)\jZip

2012-06-16 23:41:27 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-16 23:41:27 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-15 17:18:52 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5636211A-21C5-41E6-B3C5-F2FAB8306557}\mpengine.dll

2012-06-13 15:52:41 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 15:52:40 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 15:52:40 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 15:52:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 15:52:39 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 15:52:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-12 03:13:40 -------- d-----w- C:\Users\aaron's\AppData\Local\Unity

2012-06-06 08:04:50 -------- d-----w- C:\Users\aaron's\AppData\Local\Diagnostics

2012-06-04 00:28:18 -------- d-----w- C:\ProgramData\CCP

2012-06-03 17:23:37 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-06-03 17:23:37 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll

2012-06-03 17:23:34 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-06-03 17:05:21 -------- d-----w- C:\Program Files (x86)\CCP

2012-06-03 16:22:12 -------- d-----w- C:\Users\aaron's\AppData\Local\CCP

2012-06-02 03:06:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-06-02 02:15:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-01 21:15:15 -------- d-----w- C:\Users\aaron's\AppData\Local\Google

2012-06-01 21:13:55 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-06-01 20:48:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-01 20:48:22 -------- d-----w- C:\Users\aaron's\AppData\Local\Adobe

2012-06-01 20:47:46 -------- d-----w- C:\Program Files (x86)\Atari

.

==================== Find3M ====================

.

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec

2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec

2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 1:13:43.70 ===============

Attach log:

Internet Explorer: 8.0.7600.16385

Run by aaron's at 1:12:49 on 2012-06-19

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2039 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: DhcpNameServer = 216.220.3.205 216.220.3.204

TCP: Interfaces\{4ACC5026-0964-49B7-8181-F782528441BA} : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{6770BB12-71B9-4564-81E4-FFB8EC3F9856} : DhcpNameServer = 216.220.3.205 216.220.3.204

AppInit_DLLs:

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64:

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\aaron's\AppData\Roaming\Mozilla\Firefox\Profiles\3n825qi4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\aaron's\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-3-31 92160]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2012-2-27 126392]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-1 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-1 257696]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-1 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-1 113120]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-18 04:48:31 -------- d-----w- C:\Users\aaron's\AppData\Roaming\Malwarebytes

2012-06-18 04:48:24 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-18 04:48:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-18 04:48:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-18 04:03:34 388096 ----a-r- C:\Users\aaron's\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-18 04:03:34 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-06-17 03:42:23 -------- d-----w- C:\Users\aaron's\AppData\Roaming\PC Speed Maximizer

2012-06-17 03:24:09 -------- d-----w- C:\Users\aaron's\AppData\Roaming\.purple

2012-06-17 03:22:03 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer

2012-06-17 03:21:59 -------- d-----w- C:\Users\aaron's\AppData\Local\antiphishing-vmninternethelper1_1dn

2012-06-17 03:21:59 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor

2012-06-17 03:21:48 -------- d-----w- C:\ProgramData\Tarma Installer

2012-06-17 00:22:17 -------- d-----w- C:\Users\aaron's\AppData\Roaming\XBMC

2012-06-17 00:20:55 -------- d-----w- C:\Program Files (x86)\XBMC

2012-06-17 00:20:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5636211A-21C5-41E6-B3C5-F2FAB8306557}\offreg.dll

2012-06-17 00:19:25 -------- d-----w- C:\Users\aaron's\AppData\Local\jZip

2012-06-17 00:19:10 -------- d-----w- C:\ProgramData\boost_interprocess

2012-06-17 00:19:03 -------- d-----w- C:\Program Files (x86)\jZip

2012-06-16 23:41:27 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-16 23:41:27 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-15 17:18:52 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5636211A-21C5-41E6-B3C5-F2FAB8306557}\mpengine.dll

2012-06-13 15:52:41 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 15:52:40 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 15:52:40 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 15:52:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 15:52:39 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 15:52:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-12 03:13:40 -------- d-----w- C:\Users\aaron's\AppData\Local\Unity

2012-06-06 08:04:50 -------- d-----w- C:\Users\aaron's\AppData\Local\Diagnostics

2012-06-04 00:28:18 -------- d-----w- C:\ProgramData\CCP

2012-06-03 17:23:37 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-06-03 17:23:37 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll

2012-06-03 17:23:34 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-06-03 17:05:21 -------- d-----w- C:\Program Files (x86)\CCP

2012-06-03 16:22:12 -------- d-----w- C:\Users\aaron's\AppData\Local\CCP

2012-06-02 03:06:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-06-02 02:15:30 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-01 21:15:15 -------- d-----w- C:\Users\aaron's\AppData\Local\Google

2012-06-01 21:13:55 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-06-01 20:48:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-01 20:48:22 -------- d-----w- C:\Users\aaron's\AppData\Local\Adobe

2012-06-01 20:47:46 -------- d-----w- C:\Program Files (x86)\Atari

.

==================== Find3M ====================

.

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec

2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec

2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 1:13:43.70 ===============

Just in case, RogueKiller log:

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: aaron's [Admin rights]

Mode: Scan -- Date: 06/19/2012 01:17:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST332041 8AS SATA Disk Device +++++

--- User ---

[MBR] f09fd6969ddbd27b848e83b3ab693c26

[bSP] f63a4cca6bce2f9ccb022c39f9298531 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206911 | Size: 294584 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603516928 | Size: 10558 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 88e42e907aec80f2e3f36dffeac43632

[bSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code

Partition table:

Finished


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Tdsskiller log: (Will be in multiple posts as it won't fit in just one)

09:24:59.0133 4608 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

09:25:01.0136 4608 ============================================================

09:25:01.0136 4608 Current date / time: 2012/06/19 09:25:01.0136

09:25:01.0136 4608 SystemInfo:

09:25:01.0137 4608

09:25:01.0137 4608 OS Version: 6.1.7600 ServicePack: 0.0

09:25:01.0137 4608 Product type: Workstation

09:25:01.0137 4608 ComputerName: AARONS-PC

09:25:01.0137 4608 UserName: aaron's

09:25:01.0137 4608 Windows directory: C:\Windows

09:25:01.0137 4608 System windows directory: C:\Windows

09:25:01.0137 4608 Running under WOW64

09:25:01.0137 4608 Processor architecture: Intel x64

09:25:01.0137 4608 Number of processors: 2

09:25:01.0137 4608 Page size: 0x1000

09:25:01.0137 4608 Boot type: Normal boot

09:25:01.0137 4608 ============================================================

09:25:02.0181 4608 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:25:02.0189 4608 ============================================================

09:25:02.0189 4608 \Device\Harddisk0\DR0:

09:25:02.0189 4608 MBR partitions:

09:25:02.0189 4608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

09:25:02.0189 4608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x23F5C7C1

09:25:02.0189 4608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23F8F000, BlocksNum 0x149F000

09:25:02.0189 4608 ============================================================

09:25:02.0215 4608 C: <-> \Device\Harddisk0\DR0\Partition1

09:25:02.0253 4608 D: <-> \Device\Harddisk0\DR0\Partition2

09:25:02.0253 4608 ============================================================

09:25:02.0253 4608 Initialize success

09:25:02.0253 4608 ============================================================

09:25:03.0760 3372 ============================================================

09:25:03.0760 3372 Scan started

09:25:03.0760 3372 Mode: Manual;

09:25:03.0760 3372 ============================================================

09:25:04.0625 3372 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

09:25:04.0674 3372 1394ohci - ok

09:25:04.0704 3372 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

09:25:04.0710 3372 ACPI - ok

09:25:04.0715 3372 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

09:25:04.0729 3372 AcpiPmi - ok

09:25:04.0798 3372 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:25:04.0831 3372 AdobeARMservice - ok

09:25:04.0943 3372 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:25:04.0947 3372 AdobeFlashPlayerUpdateSvc - ok

09:25:05.0002 3372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

09:25:05.0032 3372 adp94xx - ok

09:25:05.0076 3372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

09:25:05.0098 3372 adpahci - ok

09:25:05.0115 3372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

09:25:05.0136 3372 adpu320 - ok

09:25:05.0167 3372 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

09:25:05.0169 3372 AeLookupSvc - ok

09:25:05.0214 3372 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

09:25:05.0217 3372 AERTFilters - ok

09:25:05.0301 3372 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

09:25:05.0335 3372 AFD - ok

09:25:05.0384 3372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

09:25:05.0401 3372 agp440 - ok

09:25:05.0433 3372 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

09:25:05.0462 3372 ALG - ok

09:25:05.0485 3372 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

09:25:05.0501 3372 aliide - ok

09:25:05.0535 3372 AMD External Events Utility (f238be4fa4e55eb67f17281fadf69851) C:\Windows\system32\atiesrxx.exe

09:25:05.0540 3372 AMD External Events Utility - ok

09:25:05.0547 3372 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

09:25:05.0570 3372 amdide - ok

09:25:05.0587 3372 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

09:25:05.0589 3372 AmdK8 - ok

09:25:05.0599 3372 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

09:25:05.0614 3372 AmdPPM - ok

09:25:05.0644 3372 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys

09:25:05.0645 3372 amdsata - ok

09:25:05.0664 3372 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

09:25:05.0682 3372 amdsbs - ok

09:25:05.0699 3372 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys

09:25:05.0735 3372 amdxata - ok

09:25:05.0767 3372 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

09:25:05.0783 3372 AppID - ok

09:25:05.0812 3372 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

09:25:05.0826 3372 AppIDSvc - ok

09:25:05.0844 3372 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

09:25:05.0862 3372 Appinfo - ok

09:25:05.0873 3372 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

09:25:05.0892 3372 arc - ok

09:25:05.0904 3372 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

09:25:05.0923 3372 arcsas - ok

09:25:05.0958 3372 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

09:25:05.0972 3372 AsyncMac - ok

09:25:05.0989 3372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

09:25:06.0005 3372 atapi - ok

09:25:06.0124 3372 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys

09:25:06.0190 3372 athr - ok

09:25:06.0673 3372 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys

09:25:06.0850 3372 atikmdag - ok

09:25:06.0969 3372 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

09:25:06.0998 3372 AtiPcie - ok

09:25:07.0086 3372 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

09:25:07.0178 3372 AudioEndpointBuilder - ok

09:25:07.0191 3372 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

09:25:07.0198 3372 AudioSrv - ok

09:25:07.0227 3372 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

09:25:07.0242 3372 AxInstSV - ok

09:25:07.0300 3372 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

09:25:07.0323 3372 b06bdrv - ok

09:25:07.0363 3372 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:25:07.0383 3372 b57nd60a - ok

09:25:07.0410 3372 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

09:25:07.0425 3372 BDESVC - ok

09:25:07.0436 3372 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

09:25:07.0449 3372 Beep - ok

09:25:07.0518 3372 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

09:25:07.0547 3372 BFE - ok

09:25:07.0686 3372 BHDrvx64 (cbee185bf1fa48d1d273b592c62a5a41) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys

09:25:07.0739 3372 BHDrvx64 - ok

09:25:07.0820 3372 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

09:25:07.0834 3372 BITS - ok

09:25:07.0878 3372 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

09:25:07.0893 3372 blbdrive - ok

09:25:07.0932 3372 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

09:25:07.0959 3372 bowser - ok

09:25:07.0986 3372 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:25:08.0002 3372 BrFiltLo - ok

09:25:08.0008 3372 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:25:08.0022 3372 BrFiltUp - ok

09:25:08.0052 3372 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

09:25:08.0068 3372 Browser - ok

09:25:08.0091 3372 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

09:25:08.0111 3372 Brserid - ok

09:25:08.0118 3372 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

09:25:08.0134 3372 BrSerWdm - ok

09:25:08.0141 3372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:25:08.0155 3372 BrUsbMdm - ok

09:25:08.0161 3372 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

09:25:08.0175 3372 BrUsbSer - ok

09:25:08.0187 3372 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

09:25:08.0204 3372 BTHMODEM - ok

09:25:08.0227 3372 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

09:25:08.0241 3372 bthserv - ok

09:25:08.0342 3372 ccHP (60050e92e160115b80175a5bdb1525b4) C:\Windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys

09:25:08.0366 3372 ccHP - ok

09:25:08.0396 3372 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

09:25:08.0411 3372 cdfs - ok

09:25:08.0435 3372 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

09:25:08.0451 3372 cdrom - ok

09:25:08.0480 3372 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

09:25:08.0500 3372 CertPropSvc - ok

09:25:08.0517 3372 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

09:25:08.0533 3372 circlass - ok

09:25:08.0568 3372 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

09:25:08.0601 3372 CLFS - ok

09:25:08.0673 3372 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:25:08.0750 3372 clr_optimization_v2.0.50727_32 - ok

09:25:09.0010 3372 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:25:09.0045 3372 clr_optimization_v2.0.50727_64 - ok

09:25:09.0101 3372 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:25:09.0104 3372 clr_optimization_v4.0.30319_32 - ok

09:25:09.0155 3372 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:25:09.0158 3372 clr_optimization_v4.0.30319_64 - ok

09:25:09.0185 3372 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

09:25:09.0200 3372 CmBatt - ok

09:25:09.0205 3372 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

09:25:09.0222 3372 cmdide - ok

09:25:09.0277 3372 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

09:25:09.0315 3372 CNG - ok

09:25:09.0344 3372 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

09:25:09.0360 3372 Compbatt - ok

09:25:09.0380 3372 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

09:25:09.0395 3372 CompositeBus - ok

09:25:09.0405 3372 COMSysApp - ok

09:25:09.0415 3372 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

09:25:09.0434 3372 crcdisk - ok

09:25:09.0478 3372 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll

09:25:09.0498 3372 CryptSvc - ok

09:25:09.0545 3372 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

09:25:09.0553 3372 DcomLaunch - ok



09:25:26.0508 3372 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

09:25:26.0526 3372 uagp35 - ok

09:25:26.0548 3372 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

09:25:26.0568 3372 udfs - ok

09:25:26.0603 3372 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

09:25:26.0621 3372 UI0Detect - ok

09:25:26.0631 3372 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

09:25:26.0648 3372 uliagpkx - ok

09:25:26.0689 3372 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

09:25:26.0703 3372 umbus - ok

09:25:26.0709 3372 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

09:25:26.0724 3372 UmPass - ok

09:25:26.0759 3372 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

09:25:26.0768 3372 upnphost - ok

09:25:26.0797 3372 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

09:25:26.0825 3372 usbccgp - ok

09:25:26.0844 3372 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

09:25:26.0861 3372 usbcir - ok

09:25:26.0878 3372 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys

09:25:26.0893 3372 usbehci - ok

09:25:26.0927 3372 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys

09:25:26.0943 3372 usbfilter - ok

09:25:26.0986 3372 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

09:25:27.0006 3372 usbhub - ok

09:25:27.0020 3372 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys

09:25:27.0035 3372 usbohci - ok

09:25:27.0053 3372 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

09:25:27.0068 3372 usbprint - ok

09:25:27.0085 3372 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

09:25:27.0102 3372 USBSTOR - ok

09:25:27.0119 3372 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

09:25:27.0134 3372 usbuhci - ok

09:25:27.0184 3372 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

09:25:27.0202 3372 usbvideo - ok

09:25:27.0232 3372 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

09:25:27.0254 3372 UxSms - ok

09:25:27.0291 3372 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

09:25:27.0294 3372 VaultSvc - ok

09:25:27.0343 3372 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

09:25:27.0363 3372 vdrvroot - ok

09:25:27.0433 3372 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

09:25:27.0443 3372 vds - ok

09:25:27.0473 3372 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

09:25:27.0490 3372 vga - ok

09:25:27.0521 3372 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

09:25:27.0541 3372 VgaSave - ok

09:25:27.0577 3372 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

09:25:27.0600 3372 vhdmp - ok

09:25:27.0626 3372 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

09:25:27.0641 3372 viaide - ok

09:25:27.0659 3372 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

09:25:27.0676 3372 volmgr - ok

09:25:27.0714 3372 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

09:25:27.0736 3372 volmgrx - ok

09:25:27.0755 3372 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

09:25:27.0775 3372 volsnap - ok

09:25:27.0797 3372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

09:25:27.0818 3372 vsmraid - ok

09:25:27.0910 3372 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

09:25:27.0945 3372 VSS - ok

09:25:28.0029 3372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

09:25:28.0043 3372 vwifibus - ok

09:25:28.0069 3372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

09:25:28.0085 3372 vwififlt - ok

09:25:28.0135 3372 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

09:25:28.0209 3372 W32Time - ok

09:25:28.0232 3372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

09:25:28.0256 3372 WacomPen - ok

09:25:28.0287 3372 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

09:25:28.0304 3372 WANARP - ok

09:25:28.0310 3372 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

09:25:28.0313 3372 Wanarpv6 - ok

09:25:28.0427 3372 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

09:25:28.0506 3372 WatAdminSvc - ok

09:25:28.0617 3372 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

09:25:28.0638 3372 wbengine - ok

09:25:28.0732 3372 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

09:25:28.0757 3372 WbioSrvc - ok

09:25:28.0795 3372 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

09:25:28.0819 3372 wcncsvc - ok

09:25:28.0834 3372 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

09:25:28.0852 3372 WcsPlugInService - ok

09:25:28.0884 3372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

09:25:28.0901 3372 Wd - ok

09:25:28.0952 3372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:25:28.0978 3372 Wdf01000 - ok

09:25:29.0144 3372 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:25:29.0149 3372 WdiServiceHost - ok

09:25:29.0158 3372 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:25:29.0163 3372 WdiSystemHost - ok

09:25:29.0360 3372 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

09:25:29.0422 3372 WebClient - ok

09:25:29.0453 3372 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

09:25:29.0486 3372 Wecsvc - ok

09:25:29.0512 3372 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

09:25:29.0516 3372 wercplsupport - ok

09:25:29.0544 3372 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

09:25:29.0548 3372 WerSvc - ok

09:25:29.0600 3372 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

09:25:29.0627 3372 WfpLwf - ok

09:25:29.0641 3372 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

09:25:29.0658 3372 WIMMount - ok

09:25:29.0676 3372 WinDefend - ok

09:25:29.0690 3372 WinHttpAutoProxySvc - ok

09:25:29.0756 3372 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

09:25:29.0789 3372 Winmgmt - ok

09:25:29.0946 3372 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

09:25:30.0037 3372 WinRM - ok

09:25:30.0193 3372 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

09:25:30.0234 3372 Wlansvc - ok

09:25:30.0265 3372 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

09:25:30.0283 3372 WmiAcpi - ok

09:25:30.0359 3372 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

09:25:30.0400 3372 wmiApSrv - ok

09:25:30.0426 3372 WMPNetworkSvc - ok

09:25:30.0466 3372 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

09:25:30.0482 3372 WPCSvc - ok

09:25:30.0501 3372 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

09:25:30.0522 3372 WPDBusEnum - ok

09:25:30.0549 3372 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

09:25:30.0564 3372 ws2ifsl - ok

09:25:30.0596 3372 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll

09:25:30.0601 3372 wscsvc - ok

09:25:30.0608 3372 WSearch - ok

09:25:30.0791 3372 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

09:25:30.0850 3372 wuauserv - ok

09:25:30.0946 3372 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

09:25:30.0966 3372 WudfPf - ok

09:25:30.0993 3372 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

09:25:31.0011 3372 wudfsvc - ok

09:25:31.0040 3372 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

09:25:31.0063 3372 WwanSvc - ok

09:25:31.0094 3372 MBR (0x1B8) (59822081721d0d15221fb33e0acb545d) \Device\Harddisk0\DR0

09:25:31.0316 3372 \Device\Harddisk0\DR0 - ok

09:25:31.0323 3372 Boot (0x1200) (0b48cd1e7270759058c21d85f5337fbf) \Device\Harddisk0\DR0\Partition0

09:25:31.0325 3372 \Device\Harddisk0\DR0\Partition0 - ok

09:25:31.0345 3372 Boot (0x1200) (bbc58d97c987564e4744dbcdf3f2ad8d) \Device\Harddisk0\DR0\Partition1

09:25:31.0347 3372 \Device\Harddisk0\DR0\Partition1 - ok

09:25:31.0377 3372 Boot (0x1200) (c4d84563404fa572c68b0c1143a05e85) \Device\Harddisk0\DR0\Partition2

09:25:31.0379 3372 \Device\Harddisk0\DR0\Partition2 - ok

09:25:31.0380 3372 ============================================================

09:25:31.0380 3372 Scan finished

09:25:31.0380 3372 ============================================================

09:25:31.0405 5056 Detected object count: 0

09:25:31.0405 5056 Actual detected object count: 0

09:25:43.0859 4092 ============================================================

09:25:43.0859 4092 Scan started

09:25:43.0859 4092 Mode: Manual; SigCheck; TDLFS;

09:25:43.0859 4092 ============================================================

09:25:44.0135 4092 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

09:25:44.0309 4092 1394ohci - ok

09:25:44.0342 4092 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

09:25:44.0392 4092 ACPI - ok

09:25:44.0399 4092 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

09:25:44.0503 4092 AcpiPmi - ok

09:25:44.0558 4092 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:25:44.0610 4092 AdobeARMservice - ok

09:25:44.0711 4092 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:25:44.0821 4092 AdobeFlashPlayerUpdateSvc - ok

09:25:44.0866 4092 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

09:25:44.0917 4092 adp94xx - ok

09:25:44.0952 4092 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

09:25:44.0999 4092 adpahci - ok

09:25:45.0016 4092 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

09:25:45.0059 4092 adpu320 - ok

09:25:45.0092 4092 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

09:25:45.0252 4092 AeLookupSvc - ok

09:25:45.0299 4092 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

09:25:45.0443 4092 AERTFilters - ok

09:25:45.0494 4092 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

09:25:45.0557 4092 AFD - ok

09:25:45.0585 4092 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

09:25:45.0624 4092 agp440 - ok

09:25:45.0650 4092 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

09:25:45.0726 4092 ALG - ok

09:25:45.0732 4092 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

09:25:45.0770 4092 aliide - ok

09:25:45.0803 4092 AMD External Events Utility (f238be4fa4e55eb67f17281fadf69851) C:\Windows\system32\atiesrxx.exe

09:25:45.0892 4092 AMD External Events Utility - ok

09:25:45.0899 4092 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

09:25:45.0944 4092 amdide - ok

09:25:45.0963 4092 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

09:25:46.0023 4092 AmdK8 - ok

09:25:46.0041 4092 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

09:25:46.0119 4092 AmdPPM - ok

09:25:46.0143 4092 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys

09:25:46.0186 4092 amdsata - ok

09:25:46.0204 4092 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

09:25:46.0246 4092 amdsbs - ok

09:25:46.0258 4092 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys

09:25:46.0293 4092 amdxata - ok

09:25:46.0302 4092 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

09:25:46.0433 4092 AppID - ok

09:25:46.0454 4092 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

09:25:46.0530 4092 AppIDSvc - ok

09:25:46.0543 4092 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

09:25:46.0615 4092 Appinfo - ok

09:25:46.0632 4092 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

09:25:46.0672 4092 arc - ok

09:25:46.0685 4092 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

09:25:46.0724 4092 arcsas - ok

09:25:46.0741 4092 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

09:25:46.0835 4092 AsyncMac - ok

09:25:46.0842 4092 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

09:25:46.0878 4092 atapi - ok

09:25:46.0999 4092 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys

09:25:47.0101 4092 athr - ok

09:25:47.0595 4092 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys

09:25:47.0761 4092 atikmdag - ok

09:25:47.0844 4092 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

09:25:47.0878 4092 AtiPcie - ok

09:25:47.0945 4092 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

09:25:48.0112 4092 AudioEndpointBuilder - ok

09:25:48.0125 4092 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

09:25:48.0271 4092 AudioSrv - ok

09:25:48.0294 4092 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

09:25:48.0368 4092 AxInstSV - ok

09:25:48.0419 4092 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

09:25:48.0498 4092 b06bdrv - ok

09:25:48.0530 4092 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:25:48.0572 4092 b57nd60a - ok

09:25:48.0601 4092 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

09:25:48.0678 4092 BDESVC - ok

09:25:48.0686 4092 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

09:25:48.0776 4092 Beep - ok

09:25:48.0831 4092 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

09:25:48.0940 4092 BFE - ok

09:25:49.0056 4092 BHDrvx64 (cbee185bf1fa48d1d273b592c62a5a41) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx64.sys

09:25:49.0106 4092 BHDrvx64 - ok

09:25:49.0177 4092 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

09:25:49.0285 4092 BITS - ok

09:25:49.0335 4092 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

09:25:49.0385 4092 blbdrive - ok

09:25:49.0405 4092 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

09:25:49.0481 4092 bowser - ok

09:25:49.0501 4092 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:25:49.0560 4092 BrFiltLo - ok

09:25:49.0566 4092 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:25:49.0628 4092 BrFiltUp - ok

09:25:49.0666 4092 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

09:25:49.0756 4092 Browser - ok

09:25:49.0780 4092 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

09:25:49.0855 4092 Brserid - ok

09:25:49.0863 4092 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

09:25:49.0926 4092 BrSerWdm - ok

09:25:49.0932 4092 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:25:50.0014 4092 BrUsbMdm - ok

09:25:50.0021 4092 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

09:25:50.0060 4092 BrUsbSer - ok

09:25:50.0071 4092 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

09:25:50.0113 4092 BTHMODEM - ok

09:25:50.0142 4092 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

09:25:50.0233 4092 bthserv - ok

09:25:50.0316 4092 ccHP (60050e92e160115b80175a5bdb1525b4) C:\Windows\system32\drivers\NISx64\1100000.088\ccHPx64.sys

09:25:50.0365 4092 ccHP - ok

09:25:50.0386 4092 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

09:25:50.0482 4092 cdfs - ok

09:25:50.0509 4092 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

09:25:50.0565 4092 cdrom - ok

09:25:50.0595 4092 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

09:25:50.0688 4092 CertPropSvc - ok

09:25:50.0717 4092 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

09:25:50.0774 4092 circlass - ok

09:25:50.0816 4092 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

09:25:50.0872 4092 CLFS - ok

09:25:50.0939 4092 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:25:51.0031 4092 clr_optimization_v2.0.50727_32 - ok

09:25:51.0073 4092 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:25:51.0109 4092 clr_optimization_v2.0.50727_64 - ok

09:25:51.0159 4092 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:25:51.0209 4092 clr_optimization_v4.0.30319_32 - ok

09:25:51.0254 4092 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:25:51.0293 4092 clr_optimization_v4.0.30319_64 - ok

09:25:51.0352 4092 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

09:25:51.0436 4092 CmBatt - ok

09:25:51.0451 4092 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

09:25:51.0486 4092 cmdide - ok

09:25:51.0538 4092 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

09:25:51.0603 4092 CNG - ok

09:25:51.0611 4092 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

09:25:51.0648 4092 Compbatt - ok

09:25:51.0663 4092 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

09:25:51.0722 4092 CompositeBus - ok

09:25:51.0728 4092 COMSysApp - ok

09:25:51.0740 4092 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

09:25:51.0778 4092 crcdisk - ok

09:25:51.0820 4092 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll

09:25:51.0900 4092 CryptSvc - ok

09:25:51.0956 4092 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

09:25:52.0062 4092 DcomLaunch - ok

09:25:52.0110 4092 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

09:25:52.0212 4092 defragsvc - ok

09:25:52.0242 4092 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

09:25:52.0318 4092 DfsC - ok

09:25:52.0351 4092 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

09:25:52.0454 4092 Dhcp - ok

09:25:52.0478 4092 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

09:25:52.0571 4092 discache - ok

09:25:52.0596 4092 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

09:25:52.0635 4092 Disk - ok

09:25:52.0667 4092 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

09:25:52.0720 4092 Dnscache - ok

09:25:52.0760 4092 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

09:25:52.0852 4092 dot3svc - ok

09:25:52.0887 4092 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

09:25:52.0969 4092 DPS - ok

09:25:52.0992 4092 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

09:25:53.0047 4092 drmkaud - ok

09:25:53.0138 4092 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

09:25:53.0199 4092 DXGKrnl - ok

09:25:53.0218 4092 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

09:25:53.0316 4092 EapHost - ok

09:25:53.0550 4092 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

09:25:53.0664 4092 ebdrv - ok

09:25:53.0760 4092 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

09:25:53.0807 4092 eeCtrl - ok

09:25:53.0904 4092 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

09:25:53.0987 4092 EFS - ok

09:25:54.0068 4092 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

09:25:54.0183 4092 ehRecvr - ok

09:25:54.0218 4092 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

09:25:54.0272 4092 ehSched - ok

09:25:54.0337 4092 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

09:25:54.0393 4092 elxstor - ok

09:25:54.0454 4092 EraserUtilDrv11210 (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys

09:25:54.0495 4092 EraserUtilDrv11210 - ok

09:25:54.0501 4092 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

09:25:54.0548 4092 ErrDev - ok

09:25:54.0603 4092 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

09:25:54.0704 4092 EventSystem - ok

09:25:54.0735 4092 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

09:25:54.0814 4092 exfat - ok

09:25:54.0833 4092 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

09:25:54.0939 4092 fastfat - ok

09:25:55.0012 4092 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

09:25:55.0113 4092 Fax - ok

09:25:55.0121 4092 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

09:25:55.0172 4092 fdc - ok

09:25:55.0195 4092 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

09:25:55.0273 4092 fdPHost - ok

09:25:55.0282 4092 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

09:25:55.0374 4092 FDResPub - ok

09:25:55.0410 4092 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

09:25:55.0447 4092 FileInfo - ok

09:25:55.0458 4092 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

09:25:55.0549 4092 Filetrace - ok

09:25:55.0556 4092 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

09:25:55.0594 4092 flpydisk - ok

09:25:55.0638 4092 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

09:25:55.0680 4092 FltMgr - ok

09:25:55.0781 4092 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll

09:25:55.0868 4092 FontCache - ok

09:25:55.0922 4092 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:25:55.0963 4092 FontCache3.0.0.0 - ok

09:25:55.0989 4092 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

09:25:56.0026 4092 FsDepends - ok

09:25:56.0042 4092 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

09:25:56.0078 4092 Fs_Rec - ok

09:25:56.0111 4092 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

09:25:56.0158 4092 fvevol - ok

09:25:56.0175 4092 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

09:25:56.0213 4092 gagp30kx - ok

09:25:56.0277 4092 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

09:25:56.0330 4092 GameConsoleService - ok

09:25:56.0418 4092 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

09:25:56.0573 4092 gpsvc - ok

09:25:56.0631 4092 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:25:56.0704 4092 gupdate - ok

09:25:56.0712 4092 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:25:56.0775 4092 gupdatem - ok

09:25:56.0805 4092 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

09:25:56.0857 4092 gusvc - ok

09:25:56.0893 4092 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

09:25:56.0962 4092 hcw85cir - ok

09:25:56.0982 4092 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

09:25:57.0043 4092 HDAudBus - ok

09:25:57.0050 4092 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

09:25:57.0088 4092 HidBatt - ok

09:25:57.0100 4092 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

09:25:57.0145 4092 HidBth - ok

09:25:57.0153 4092 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

09:25:57.0215 4092 HidIr - ok

09:25:57.0245 4092 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

09:25:57.0338 4092 hidserv - ok

09:25:57.0360 4092 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

09:25:57.0416 4092 HidUsb - ok

09:25:57.0441 4092 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

09:25:57.0519 4092 hkmsvc - ok

09:25:57.0549 4092 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

09:25:57.0631 4092 HomeGroupListener - ok

09:25:57.0661 4092 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

09:25:57.0705 4092 HomeGroupProvider - ok

09:25:57.0755 4092 HP Health Check Service (00b239202f7756695c8ccdf8bafa7d3d) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

09:25:57.0796 4092 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning

09:25:57.0796 4092 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)

09:25:57.0852 4092 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

09:25:57.0917 4092 hpqwmiex - ok

09:25:57.0946 4092 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

09:25:57.0985 4092 HpSAMD - ok

09:25:58.0043 4092 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

09:25:58.0151 4092 HTTP - ok

09:25:58.0167 4092 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

09:25:58.0202 4092 hwpolicy - ok

09:25:58.0213 4092 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

09:25:58.0254 4092 i8042prt - ok

09:25:58.0294 4092 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

09:25:58.0343 4092 iaStorV - ok

09:25:58.0432 4092 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:25:58.0486 4092 idsvc - ok


09:26:01.0541 4092 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

09:26:01.0615 4092 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

09:26:01.0616 4092 LightScribeService - detected UnsignedFile.Multi.Generic (1)


09:26:28.0383 4092 wscsvc - ok

09:26:28.0389 4092 WSearch - ok

09:26:28.0572 4092 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

09:26:28.0673 4092 wuauserv - ok

09:26:28.0871 4092 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

09:26:28.0961 4092 WudfPf - ok

09:26:28.0985 4092 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

09:26:29.0081 4092 wudfsvc - ok

09:26:29.0117 4092 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

09:26:29.0179 4092 WwanSvc - ok

09:26:29.0218 4092 MBR (0x1B8) (59822081721d0d15221fb33e0acb545d) \Device\Harddisk0\DR0

09:26:29.0541 4092 \Device\Harddisk0\DR0 - ok

09:26:29.0546 4092 Boot (0x1200) (0b48cd1e7270759058c21d85f5337fbf) \Device\Harddisk0\DR0\Partition0

09:26:29.0548 4092 \Device\Harddisk0\DR0\Partition0 - ok

09:26:29.0577 4092 Boot (0x1200) (bbc58d97c987564e4744dbcdf3f2ad8d) \Device\Harddisk0\DR0\Partition1

09:26:29.0579 4092 \Device\Harddisk0\DR0\Partition1 - ok

09:26:29.0609 4092 Boot (0x1200) (c4d84563404fa572c68b0c1143a05e85) \Device\Harddisk0\DR0\Partition2

09:26:29.0612 4092 \Device\Harddisk0\DR0\Partition2 - ok

09:26:29.0612 4092 ============================================================

09:26:29.0612 4092 Scan finished

09:26:29.0612 4092 ============================================================

09:26:29.0633 4160 Detected object count: 2

09:26:29.0633 4160 Actual detected object count: 2

09:26:58.0024 4160 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:26:58.0024 4160 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:26:58.0031 4160 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

09:26:58.0031 4160 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:27:02.0504 3492 Deinitialize success

That scan was clean, one more scan to run.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

ComboFix 12-06-21.01 - aaron's 06/21/2012 5:55.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2741 [GMT -5:00]

Running from: c:\users\aaron's\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))

.

.

2012-06-21 11:42 . 2012-06-21 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-21 10:36 . 2012-06-21 11:44 -------- d-----w- c:\windows\system32\drivers\NISx64\1109000.00C

2012-06-19 14:39 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-06-19 14:39 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-06-19 14:23 . 2012-06-19 14:23 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-06-19 12:28 . 2012-06-19 12:30 -------- d-----w- c:\users\aaron's\AppData\Local\Tific

2012-06-19 12:24 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 12:24 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 12:24 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 12:24 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 12:24 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 12:24 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 12:24 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 12:24 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 12:24 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 07:58 . 2012-06-19 07:58 -------- d-----w- c:\users\aaron's\AppData\Roaming\Tific

2012-06-19 07:58 . 2012-06-19 07:58 -------- d-----w- c:\users\aaron's\AppData\Local\Symantec

2012-06-19 07:57 . 2012-06-19 07:57 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-06-19 07:57 . 2012-06-19 07:58 -------- d-----w- c:\program files\Symantec

2012-06-19 07:57 . 2012-06-19 07:57 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-06-18 04:48 . 2012-06-18 04:48 -------- d-----w- c:\users\aaron's\AppData\Roaming\Malwarebytes

2012-06-18 04:48 . 2012-06-18 04:48 -------- d-----w- c:\programdata\Malwarebytes

2012-06-18 04:48 . 2012-06-18 04:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-18 04:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 04:03 . 2012-06-18 04:03 388096 ----a-r- c:\users\aaron's\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-18 04:03 . 2012-06-18 04:03 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-17 03:42 . 2012-06-17 03:42 -------- d-----w- c:\users\aaron's\AppData\Roaming\PC Speed Maximizer

2012-06-17 03:24 . 2012-06-17 08:56 -------- d-----w- c:\users\aaron's\AppData\Roaming\.purple

2012-06-17 03:22 . 2012-06-17 14:15 -------- d-----w- c:\program files (x86)\PC Speed Maximizer

2012-06-17 03:21 . 2012-06-17 14:15 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

2012-06-17 03:21 . 2012-06-17 03:22 -------- d-----w- c:\users\aaron's\AppData\Local\antiphishing-vmninternethelper1_1dn

2012-06-17 03:21 . 2012-06-17 03:21 -------- d-----w- c:\programdata\Tarma Installer

2012-06-17 00:22 . 2012-06-20 12:23 -------- d-----w- c:\users\aaron's\AppData\Roaming\XBMC

2012-06-17 00:20 . 2012-06-19 14:38 -------- d-----w- c:\program files (x86)\XBMC

2012-06-17 00:20 . 2012-06-17 00:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5636211A-21C5-41E6-B3C5-F2FAB8306557}\offreg.dll

2012-06-17 00:19 . 2012-06-17 00:19 -------- d-----w- c:\users\aaron's\AppData\Local\jZip

2012-06-17 00:19 . 2012-06-17 14:16 -------- d-----w- c:\programdata\boost_interprocess

2012-06-17 00:19 . 2012-06-17 00:19 -------- d-----w- c:\program files (x86)\jZip

2012-06-15 17:18 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5636211A-21C5-41E6-B3C5-F2FAB8306557}\mpengine.dll

2012-06-13 15:52 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 15:52 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 15:52 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 15:52 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 15:52 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 15:52 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-12 03:13 . 2012-06-12 03:13 -------- d-----w- c:\users\aaron's\AppData\Local\Unity

2012-06-11 05:53 . 2012-06-11 05:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-06-06 08:04 . 2012-06-06 08:04 -------- d-----w- c:\users\aaron's\AppData\Local\Diagnostics

2012-06-04 00:28 . 2012-06-04 00:28 -------- d-----w- c:\programdata\CCP

2012-06-03 17:23 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2012-06-03 17:23 . 2009-09-04 22:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll

2012-06-03 17:23 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2012-06-03 17:05 . 2012-06-03 17:05 -------- d-----w- c:\program files (x86)\CCP

2012-06-03 16:22 . 2012-06-03 16:22 -------- d-----w- c:\users\aaron's\AppData\Local\CCP

2012-06-02 03:06 . 2012-06-02 03:06 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-06-02 02:15 . 2012-06-02 03:06 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-02 02:15 . 2012-06-02 02:15 -------- d-----w- c:\windows\system32\Macromed

2012-06-02 01:55 . 2012-06-02 01:55 -------- d-----w- c:\users\aaron's\AppData\Local\Mozilla

2012-06-02 01:55 . 2012-06-17 14:15 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-06-01 21:15 . 2012-06-01 21:15 -------- d-----w- c:\program files\Google

2012-06-01 21:15 . 2012-06-03 18:20 -------- d-----w- c:\users\aaron's\AppData\Local\Google

2012-06-01 21:15 . 2012-06-03 18:20 -------- d-----w- c:\program files (x86)\Google

2012-06-01 21:13 . 2012-06-18 18:34 -------- d-----w- c:\windows\SysWow64\Adobe

2012-06-01 20:48 . 2012-06-02 03:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-01 20:48 . 2012-06-01 20:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-06-01 20:48 . 2012-06-11 05:55 -------- d-----w- c:\users\aaron's\AppData\Local\Adobe

2012-06-01 20:47 . 2012-06-01 20:47 -------- d-----w- c:\program files (x86)\Atari

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-30 11:09 . 2012-05-10 17:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-01 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 257696]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]

R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120613.007\IDSvia64.sys [2012-06-14 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-03-31 92160]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-19 138912]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 03:06]

.

2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 21:15]

.

2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 21:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]

"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 216.220.3.205 216.220.3.204

FF - ProfilePath - c:\users\aaron's\AppData\Roaming\Mozilla\Firefox\Profiles\3n825qi4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Toolbar-10 - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]

"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\NORTON INTERNET SECURITY\ENGINE\17.9.0.12\cltLMH.exe

.

**************************************************************************

.

Completion time: 2012-06-21 06:50:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-21 11:50

.

Pre-Run: 253,363,617,792 bytes free

Post-Run: 253,173,067,776 bytes free

.

- - End Of File - - CEAA831E234B69C0B0E4D6C873FFAA8C

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
