
[SOLVED] Hi there please help to ensure my new PC is clean as I have just had my PayP

Old 03-31-2012, 11:03 PM   #1
Registered Member
 
Join Date: Aug 2009
Location: Australia
Posts: 153
OS: XP Home Edition SP3, Windows 7 Home Premium SP1 64bit



Note: I did not run GMER as it says 32-bit systems only; I'm using 64-bit Windows 7 Home Premium.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by scottie's computer at 15:00:55 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4083.3131 [GMT 9.5:30]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mWinlogon: Userinit=userinit.exe
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
uRun: [Google Update] "C:\Users\scottie's computer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {1013B64B-9C44-4DD3-86A4-911E53836674} - hxxps://www.secureft.com.au/SecurEFT.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4BDE36C5-D2A9-4522-BE7C-C3E392C81120} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-17 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-31 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-30 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-24 138232]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-1 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-4 378472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-23 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-01 03:44:08 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\SUPERAntiSpyware.com
2012-04-01 03:43:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-01 03:43:24 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-01 01:45:44 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Google
2012-03-30 13:41:48 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\Malwarebytes
2012-03-30 13:41:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-30 13:41:41 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 13:41:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 22:27:08 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-28 23:14:30 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Deployment
2012-03-28 23:14:30 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Apps
2012-03-28 05:26:27 -------- d-----w- C:\Users\scottie's computer\AppData\Local\CrashDumps
2012-03-27 23:12:58 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-27 23:12:20 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\hpqLog
2012-03-27 23:11:38 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\WinBatch
2012-03-25 12:56:28 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Microsoft Research
2012-03-25 12:56:04 -------- d-----w- C:\Program Files (x86)\Microsoft Research
2012-03-25 0221 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Microsoft Corporation
2012-03-25 01:08:34 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Diagnostics
2012-03-25 01:07:54 -------- d-----w- C:\Users\scottie's computer\AppData\Local\ElevatedDiagnostics
2012-03-24 13:53:59 -------- d-----w- C:\ProgramData\Recovery
2012-03-24 05:25:55 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-03-24 04:30:50 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-24 04:30:50 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-24 04:30:50 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-24 04:30:50 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-24 04:30:50 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-24 04:30:50 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-24 04:30:50 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-24 04:30:30 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-03-24 03:05:15 -------- dc----w- C:\Users\scottie's computer\AppData\Local\MigWiz
2012-03-24 02:00:47 -------- d-----w- C:\ProgramData\HP Photo Creations
2012-03-24 02:00:47 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2012-03-24 02:00:37 -------- d-----w- C:\Program Files (x86)\Coupons
2012-03-24 01:59:56 750440 ------w- C:\Windows\System32\HPDiscoPM9311.dll
2012-03-24 01:57:30 -------- d-----w- C:\Users\scottie's computer\AppData\Local\HP
2012-03-24 01:47:07 -------- d-----w- C:\Users\scottie's computer\AppData\Local\SoftGrid Client
2012-03-24 01:47:06 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\SoftGrid Client
2012-03-24 01:46:26 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-03-24 01:46:17 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\TP
2012-03-24 01:16:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-03-24 01:12:25 -------- d-----w- C:\Users\scottie's computer\hpremote
2012-03-24 01:11:32 -------- d-----w- C:\ProgramData\MusicStation
2012-03-24 01:11:32 -------- d-----w- C:\Program Files (x86)\MusicStation
2012-03-24 01:11:29 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Downloaded Installations
2012-03-24 01:11:26 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-03-24 01:11:26 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-24 01:11:26 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-03-24 01:11:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-24 01:09:28 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2012-03-24 00:55:51 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\HP Support Assistant
2012-03-23 23:38:32 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Adobe
2012-03-23 23:21:22 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-23 23:21:21 -------- d-----w- C:\Windows\System32\Wat
2012-03-23 23:12:03 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-23 23:12:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-23 23:12:02 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-23 22:54:08 -------- d-----w- C:\Users\scottie's computer\AppData\Roaming\HpUpdate
2012-03-23 22:37:15 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-22 22:13:30 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2012-03-22 13:45:27 -------- d-----w- C:\Users\scottie's computer\AppData\Local\PDFC
2012-03-22 13:44:57 -------- d-----w- C:\Users\scottie's computer\AppData\Local\VirtualStore
2012-03-22 13:44:37 -------- d-----w- C:\Users\scottie's computer\AppData\Local\RemEngine
2012-03-22 13:34:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-22 13:34:28 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-22 13:34:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-22 13:34:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-22 13:34:28 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-22 13:34:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-22 13:34:28 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-22 13:34:07 -------- d-----w- C:\Users\scottie's computer\AppData\Local\Hewlett-Packard
.
==================== Find3M ====================
.
2012-03-29 22:27:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-27 22:26:22 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 15:01:27.89 ===============


Hi there

My new desktop PC is just over a week old and on Friday (Australian time) I had my PayPal account hacked, which had the flow-on effect of some $500 plus $$$ being withdrawn from my bank account, as it's linked to PayPal, in unauthorised fraudulent transactions, six in total. I have contacted both PayPal and my bank to have this matter investigated and fixed.

You guys have helped me clean my laptop in the past and you were excellent.

As this is a new HP PC I want to make sure it's clean without any keyloggers or any other nasties to compromise my privacy & financial info. I have started changing all my passwords but then thought, if my machine is infected then let's fix that so I can change my passwords with confidence.
At present it's running Norton A/V, which includes their firewall (as it came with a free Norton subscription). I know it's maybe not the best AV on the market but I had intended to use it until the subscription finished before looking for an excellent free AV. I'm using avast free on my laptop and have been very happy with it. I also loaded MBAM free since the PayPal hack (that found zero infections) and loaded SAS free, Super Anti Spyware. My novice to moderate understanding is that, as these are free malware/spyware removal programs, they don't run any live timers/scans, as scans are done manually by the user. So no conflict issues, and I also paused Norton while running the reports you guys require.

Please note my system and performance has been great, no issues, and compared to my 8-9 year old laptop running XP it's night & day. My concern is that, as my PayPal was hacked, have I got a keylogger or other nasties on this new PC? I'm not well versed in reading and analysing scans and reports to say with confidence everything is clean. If PC performance is a guide then I would say everything is sweet, but that's just a guess on my part.

Thanks in advance
Attached Files
File Type: zip Attach.zip (2.5 KB, 4 views)

__________________
scottietwenty3 is offline  
Old 04-03-2012, 11:16 PM   #2
Registered Member
 



"BUMP, please"

__________________
scottietwenty3 is offline  
Old 04-04-2012, 07:28 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,684
OS: XP, Vista, Win7



Hi,

If you haven't already done so, from a machine that has never been infected, make sure you change all your passwords for all your online accounts, as it is almost impossible to know the source of the issues with PayPal; it was most likely a phishing site that grabbed the password.


Let's make sure the machine is clean.

Please run the following diagnostic scans as well, thanks.


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT
  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 04-04-2012, 08:03 PM   #4
Registered Member
 



Hi CatByte

Thanks for picking up my case.

I assume I have to put my AV on hold/pause (temp disable), in my case Norton, as this new HP PC came with a free included subscription. I did this before doing any of your instructions above.

I have done the first bit: downloaded TDSSKiller and extracted it to my desktop. My machine does not auto save (or I can't figure out how to auto save it) to desktop atm. So I found it in programs and dragged it to my desktop.

I then went to download aswMBR.exe and got as far as when asked to download Avast's virus definitions select yes (Norton pops up while on pause/disabled saying it's blocked me).

I went to send you all the logs, zipped files etc. you require but atm can't?

Note I have changed all my passwords etc. and have run AV and MBAM for both machines, this desktop PC and my old faithful laptop. Both show all clean, nothing found, but I want someone far more experienced than me to look/advise if all is well, as I'm not a computer noob but am a long way from being a tech guru.

Also I'm happy to remove Norton if you recommend and replace it with a free AV if that would be better. It's just that, as it comes with a free subscription for a set period and it was pre-installed from HP and I got no disks with the system, I assume I will lose the subscription. Also I have read Norton can be difficult to fully remove.
__________________
scottietwenty3 is offline  
Old 04-04-2012, 11:16 PM   #5
Registered Member
 



Hi

Regarding some of the post above, I figured out why I could not run the Avast definitions: I had Norton AV disabled but I forgot about Norton's firewall. Once that was disabled, Bob's your uncle and all was sweet.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 14:16:57
-----------------------------
14:16:57.816 OS Version: Windows x64 6.1.7601 Service Pack 1
14:16:57.816 Number of processors: 2 586 0x100
14:16:57.816 ComputerName: SCOTTIESPC UserName:
14:17:00.998 Initialize success
14:18:24.751 AVAST engine defs: 12040401
14:27:00.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
14:27:00.246 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
14:27:00.262 Disk 0 MBR read successfully
14:27:00.277 Disk 0 MBR scan
14:27:00.277 Disk 0 Windows 7 default MBR code
14:27:00.293 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:27:00.308 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941816 MB offset 206848
14:27:00.340 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11951 MB offset 1929046016
14:27:00.402 Disk 0 scanning C:\Windows\system32\drivers
14:27:07.859 Service scanning
14:27:27.187 Modules scanning
14:27:27.203 Disk 0 trace - called modules:
14:27:27.218 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:27:27.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfe060]
14:27:27.250 3 CLASSPNP.SYS[fffff88001bc843f] -> nt!IofCallDriver -> [0xfffffa80048fd9b0]
14:27:27.265 5 amd_xata.sys[fffff88000ff38f7] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80048fb060]
14:27:29.434 AVAST engine scan C:\Windows
14:27:33.256 AVAST engine scan C:\Windows\system32
14:30:07.228 AVAST engine scan C:\Windows\system32\drivers
14:30:28.054 AVAST engine scan C:\Users\scottie's computer
14:33:53.787 Disk 0 MBR has been saved successfully to "C:\Users\scottie's computer\Desktop\MBR.dat"
14:33:53.803 The log file has been saved successfully to "C:\Users\scottie's computer\Desktop\aswMBR.txt"
14:35:01.756 AVAST engine scan C:\ProgramData
14:35:30.678 Scan finished successfully
14:37:50.876 Disk 0 MBR has been saved successfully to "C:\Users\scottie's computer\Desktop\MBR.dat"
14:37:50.876 The log file has been saved successfully to "C:\Users\scottie's computer\Desktop\aswMBR.txt"
Attached Files
File Type: zip MBR.zip (571 Bytes, 3 views)
__________________
scottietwenty3 is offline  
Old 04-05-2012, 02:27 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



Hi,

Were you able to run the scan with TDSSKiller?

If so, please post the log (it will be on your C:\ drive).

If you don't plan to renew your subscription for Norton, then I highly recommend using Malwarebytes Security Essentials,

it's excellent and free. Microsoft Security Essentials - Free Antivirus for Windows


Norton has a removal tool that will uninstall it completely
  • Download the appropriate Norton Removal Tool from HERE and save it to your desktop.
  • Next Double click on Norton_Removal_Tool.exe to run the tool.
  • Follow the on-screen instructions.
  • Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.


What browser are you using?
For Firefox, make sure your browser settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


For IE use the "save as" option rather than the "save" option, then you will get the dialog as to where you want to save the file.
__________________


CatByte is offline  
Old 04-05-2012, 03:59 PM   #7
Registered Member
 



Hi CatByte

My primary browser is IE9 and I have Google Chrome as a backup browser. Thanks for the tip in IE about "save as"; I was selecting save, so now I will be able to save all files I wish to desktop.

I did run TDSSKiller yesterday and it produced a log that I copied but forgot to paste in my reply, sorry. So I have run it again now, e.g. checked Detect TDLFS etc.; however, it does not produce a log now that I can paste to you in my reply.

I did click on report and it found nothing, and I can highlight it but I'm unable to copy/paste it for you; it does not present a copy/paste option?

As for your tip for a good AV/firewall etc., really a security suite, I don't intend to renew the Norton subscription so I will follow your instructions for removal and load Microsoft's MSE in its place. I was leaning that way anyhow; it's just my original plan was to use up the Norton subscription before switching.

I have a family commitment for most of the day but when I get back on later today at some stage I will follow & run any instructions left.
__________________
scottietwenty3 is offline  
Old 04-05-2012, 04:03 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 



The original TDSSKiller log should be on your C:\ drive.

Please run the following:

Refer to the ComboFix User's Guide
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
Old 04-05-2012, 05:12 PM   #9
Registered Member
 
Join Date: Aug 2009
Location: Australia
Posts: 153
OS: XP Home Edition SP3, Windows 7 Home Premium SP1 64bit



11:17:12.0553 5972 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
11:17:12.0740 5972 ============================================================
11:17:12.0740 5972 Current date / time: 2012/04/05 11:17:12.0740
11:17:12.0740 5972 SystemInfo:
11:17:12.0740 5972
11:17:12.0740 5972 OS Version: 6.1.7601 ServicePack: 1.0
11:17:12.0740 5972 Product type: Workstation
11:17:12.0740 5972 ComputerName: SCOTTIESPC
11:17:12.0740 5972 UserName: scottie's computer
11:17:12.0740 5972 Windows directory: C:\Windows
11:17:12.0740 5972 System windows directory: C:\Windows
11:17:12.0740 5972 Running under WOW64
11:17:12.0740 5972 Processor architecture: Intel x64
11:17:12.0756 5972 Number of processors: 2
11:17:12.0756 5972 Page size: 0x1000
11:17:12.0756 5972 Boot type: Normal boot
11:17:12.0756 5972 ============================================================
11:17:13.0317 5972 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:17:13.0349 5972 \Device\Harddisk0\DR0:
11:17:13.0364 5972 MBR used
11:17:13.0364 5972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:17:13.0364 5972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F7C000
11:17:13.0364 5972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72FAE800, BlocksNum 0x1757800
11:17:13.0458 5972 Initialize success
11:17:13.0458 5972 ============================================================
11:17:41.0257 5740 ============================================================
11:17:41.0257 5740 Scan started
11:17:41.0257 5740 Mode: Manual; TDLFS;
11:17:41.0257 5740 ============================================================
11:17:42.0115 5740 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:17:42.0115 5740 1394ohci - ok
11:17:42.0146 5740 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:17:42.0162 5740 ACPI - ok
11:17:42.0209 5740 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:17:42.0209 5740 AcpiPmi - ok
11:17:42.0271 5740 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:17:42.0271 5740 adp94xx - ok
11:17:42.0302 5740 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:17:42.0302 5740 adpahci - ok
11:17:42.0365 5740 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:17:42.0365 5740 adpu320 - ok
11:17:42.0427 5740 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:17:42.0443 5740 AeLookupSvc - ok
11:17:42.0521 5740 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:17:42.0521 5740 AFD - ok
11:17:42.0599 5740 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:17:42.0599 5740 agp440 - ok
11:17:42.0646 5740 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:17:42.0646 5740 ALG - ok
11:17:42.0677 5740 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:17:42.0677 5740 aliide - ok
11:17:42.0692 5740 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:17:42.0692 5740 amdide - ok
11:17:42.0708 5740 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:17:42.0708 5740 AmdK8 - ok
11:17:42.0833 5740 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:17:42.0833 5740 AmdPPM - ok
11:17:42.0880 5740 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:17:42.0880 5740 amdsata - ok
11:17:42.0895 5740 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:17:42.0895 5740 amdsbs - ok
11:17:42.0911 5740 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:17:42.0926 5740 amdxata - ok
11:17:42.0942 5740 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\drivers\amd_sata.sys
11:17:42.0942 5740 amd_sata - ok
11:17:42.0989 5740 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\drivers\amd_xata.sys
11:17:42.0989 5740 amd_xata - ok
11:17:43.0051 5740 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:17:43.0051 5740 AppID - ok
11:17:43.0082 5740 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:17:43.0082 5740 AppIDSvc - ok
11:17:43.0082 5740 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:17:43.0082 5740 Appinfo - ok
11:17:43.0114 5740 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:17:43.0114 5740 arc - ok
11:17:43.0129 5740 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:17:43.0129 5740 arcsas - ok
11:17:43.0238 5740 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:17:43.0238 5740 aspnet_state - ok
11:17:43.0332 5740 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:17:43.0332 5740 AsyncMac - ok
11:17:43.0363 5740 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:17:43.0363 5740 atapi - ok
11:17:43.0379 5740 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:17:43.0394 5740 AudioEndpointBuilder - ok
11:17:43.0410 5740 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:17:43.0410 5740 AudioSrv - ok
11:17:43.0457 5740 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:17:43.0457 5740 AxInstSV - ok
11:17:43.0519 5740 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:17:43.0519 5740 b06bdrv - ok
11:17:43.0535 5740 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:17:43.0550 5740 b57nd60a - ok
11:17:43.0628 5740 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:17:43.0644 5740 BBSvc - ok
11:17:43.0675 5740 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:17:43.0675 5740 BDESVC - ok
11:17:43.0738 5740 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:17:43.0738 5740 Beep - ok
11:17:43.0816 5740 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:17:43.0831 5740 BFE - ok
11:17:43.0940 5740 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
11:17:43.0972 5740 BHDrvx64 - ok
11:17:44.0003 5740 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:17:44.0018 5740 BITS - ok
11:17:44.0065 5740 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
11:17:44.0065 5740 blbdrive - ok
11:17:44.0081 5740 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:17:44.0081 5740 bowser - ok
11:17:44.0159 5740 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:17:44.0159 5740 BrFiltLo - ok
11:17:44.0174 5740 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:17:44.0174 5740 BrFiltUp - ok
11:17:44.0206 5740 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:17:44.0206 5740 Browser - ok
11:17:44.0221 5740 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:17:44.0221 5740 Brserid - ok
11:17:44.0221 5740 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:17:44.0221 5740 BrSerWdm - ok
11:17:44.0237 5740 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:17:44.0237 5740 BrUsbMdm - ok
11:17:44.0252 5740 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:17:44.0252 5740 BrUsbSer - ok
11:17:44.0268 5740 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:17:44.0268 5740 BTHMODEM - ok
11:17:44.0284 5740 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:17:44.0284 5740 bthserv - ok
11:17:44.0362 5740 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys
11:17:44.0377 5740 ccSet_NIS - ok
11:17:44.0393 5740 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:17:44.0393 5740 cdfs - ok
11:17:44.0440 5740 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:17:44.0440 5740 cdrom - ok
11:17:44.0549 5740 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:17:44.0549 5740 CertPropSvc - ok
11:17:44.0611 5740 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:17:44.0611 5740 circlass - ok
11:17:44.0642 5740 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:17:44.0658 5740 CLFS - ok
11:17:44.0720 5740 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:17:44.0720 5740 clr_optimization_v2.0.50727_32 - ok
11:17:44.0752 5740 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:17:44.0767 5740 clr_optimization_v2.0.50727_64 - ok
11:17:44.0830 5740 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:17:44.0830 5740 clr_optimization_v4.0.30319_32 - ok
11:17:44.0861 5740 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:17:44.0861 5740 clr_optimization_v4.0.30319_64 - ok
11:17:44.0954 5740 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:17:44.0954 5740 CmBatt - ok
11:17:44.0986 5740 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:17:44.0986 5740 cmdide - ok
11:17:45.0017 5740 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:17:45.0032 5740 CNG - ok
11:17:45.0048 5740 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:17:45.0064 5740 Compbatt - ok
11:17:45.0110 5740 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:17:45.0110 5740 CompositeBus - ok
11:17:45.0142 5740 COMSysApp - ok
11:17:45.0188 5740 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:17:45.0188 5740 crcdisk - ok
11:17:45.0235 5740 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:17:45.0235 5740 CryptSvc - ok
11:17:45.0360 5740 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:17:45.0376 5740 cvhsvc - ok
11:17:45.0454 5740 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:17:45.0454 5740 DcomLaunch - ok
11:17:45.0516 5740 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:17:45.0532 5740 defragsvc - ok
11:17:45.0547 5740 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:17:45.0547 5740 DfsC - ok
11:17:45.0610 5740 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:17:45.0625 5740 Dhcp - ok
11:17:45.0641 5740 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:17:45.0641 5740 discache - ok
11:17:45.0703 5740 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:17:45.0703 5740 Disk - ok
11:17:45.0734 5740 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:17:45.0734 5740 Dnscache - ok
11:17:45.0766 5740 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:17:45.0766 5740 dot3svc - ok
11:17:45.0781 5740 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:17:45.0797 5740 DPS - ok
11:17:45.0875 5740 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:17:45.0875 5740 drmkaud - ok
11:17:45.0906 5740 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:17:45.0922 5740 DXGKrnl - ok
11:17:45.0937 5740 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:17:45.0937 5740 EapHost - ok
11:17:46.0015 5740 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:17:46.0046 5740 ebdrv - ok
11:17:46.0140 5740 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:17:46.0140 5740 eeCtrl - ok
11:17:46.0171 5740 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:17:46.0171 5740 EFS - ok
11:17:46.0218 5740 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:17:46.0234 5740 ehRecvr - ok
11:17:46.0312 5740 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:17:46.0312 5740 ehSched - ok
11:17:46.0405 5740 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:17:46.0421 5740 elxstor - ok
11:17:46.0483 5740 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:17:46.0483 5740 EraserUtilRebootDrv - ok
11:17:46.0499 5740 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:17:46.0499 5740 ErrDev - ok
11:17:46.0577 5740 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:17:46.0592 5740 EventSystem - ok
11:17:46.0608 5740 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:17:46.0608 5740 exfat - ok
11:17:46.0624 5740 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:17:46.0639 5740 fastfat - ok
11:17:46.0686 5740 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:17:46.0702 5740 Fax - ok
11:17:46.0717 5740 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:17:46.0717 5740 fdc - ok
11:17:46.0733 5740 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:17:46.0733 5740 fdPHost - ok
11:17:46.0748 5740 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:17:46.0748 5740 FDResPub - ok
11:17:46.0748 5740 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:17:46.0748 5740 FileInfo - ok
11:17:46.0764 5740 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:17:46.0764 5740 Filetrace - ok
11:17:46.0780 5740 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:17:46.0780 5740 flpydisk - ok
11:17:46.0811 5740 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:17:46.0826 5740 FltMgr - ok
11:17:46.0889 5740 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:17:46.0920 5740 FontCache - ok
11:17:46.0967 5740 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:17:46.0967 5740 FontCache3.0.0.0 - ok
11:17:46.0998 5740 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:17:46.0998 5740 FsDepends - ok
11:17:47.0014 5740 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:17:47.0014 5740 Fs_Rec - ok
11:17:47.0029 5740 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:17:47.0029 5740 fvevol - ok
11:17:47.0076 5740 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:17:47.0076 5740 gagp30kx - ok
11:17:47.0154 5740 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
11:17:47.0154 5740 GamesAppService - ok
11:17:47.0201 5740 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:17:47.0216 5740 gpsvc - ok
11:17:47.0232 5740 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:17:47.0232 5740 hcw85cir - ok
11:17:47.0310 5740 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:17:47.0326 5740 HdAudAddService - ok
11:17:47.0404 5740 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:17:47.0419 5740 HDAudBus - ok
11:17:47.0435 5740 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:17:47.0435 5740 HidBatt - ok
11:17:47.0466 5740 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:17:47.0466 5740 HidBth - ok
11:17:47.0482 5740 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:17:47.0482 5740 HidIr - ok
11:17:47.0497 5740 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:17:47.0497 5740 hidserv - ok
11:17:47.0575 5740 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:17:47.0575 5740 HidUsb - ok
11:17:47.0591 5740 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:17:47.0591 5740 hkmsvc - ok
11:17:47.0606 5740 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:17:47.0606 5740 HomeGroupListener - ok
11:17:47.0638 5740 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:17:47.0638 5740 HomeGroupProvider - ok
11:17:47.0731 5740 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:17:47.0731 5740 HP Support Assistant Service - ok
11:17:47.0809 5740 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
11:17:47.0825 5740 HPAuto - ok
11:17:47.0840 5740 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:17:47.0856 5740 HPClientSvc - ok
11:17:47.0887 5740 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:17:47.0887 5740 HPDrvMntSvc.exe - ok
11:17:47.0934 5740 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:17:47.0950 5740 hpqwmiex - ok
11:17:48.0043 5740 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:17:48.0043 5740 HpSAMD - ok
11:17:48.0106 5740 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:17:48.0121 5740 HTTP - ok
11:17:48.0121 5740 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:17:48.0121 5740 hwpolicy - ok
11:17:48.0184 5740 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:17:48.0199 5740 i8042prt - ok
11:17:48.0215 5740 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:17:48.0215 5740 iaStorV - ok
11:17:48.0308 5740 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:17:48.0324 5740 idsvc - ok
11:17:48.0449 5740 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120404.002\IDSvia64.sys
11:17:48.0449 5740 IDSVia64 - ok
11:17:48.0652 5740 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:17:48.0714 5740 igfx - ok
11:17:48.0761 5740 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:17:48.0761 5740 iirsp - ok
11:17:48.0808 5740 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:17:48.0823 5740 IKEEXT - ok
11:17:48.0932 5740 IntcAzAudAddService (392d5c87f282e8e36df5154418a7bb20) C:\Windows\system32\drivers\RTKVHD64.sys
11:17:48.0964 5740 IntcAzAudAddService - ok
11:17:49.0026 5740 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:17:49.0042 5740 intelide - ok
11:17:49.0088 5740 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:17:49.0088 5740 intelppm - ok
11:17:49.0120 5740 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:17:49.0120 5740 IPBusEnum - ok
11:17:49.0120 5740 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:17:49.0135 5740 IpFilterDriver - ok
11:17:49.0151 5740 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:17:49.0151 5740 iphlpsvc - ok
11:17:49.0166 5740 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:17:49.0166 5740 IPMIDRV - ok
11:17:49.0182 5740 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:17:49.0182 5740 IPNAT - ok
11:17:49.0213 5740 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:17:49.0213 5740 IRENUM - ok
11:17:49.0244 5740 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:17:49.0244 5740 isapnp - ok
11:17:49.0260 5740 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:17:49.0260 5740 iScsiPrt - ok
11:17:49.0322 5740 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:17:49.0322 5740 kbdclass - ok
11:17:49.0338 5740 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:17:49.0338 5740 kbdhid - ok
11:17:49.0354 5740 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:49.0369 5740 KeyIso - ok
11:17:49.0432 5740 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:17:49.0432 5740 KSecDD - ok
11:17:49.0447 5740 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:17:49.0447 5740 KSecPkg - ok
11:17:49.0478 5740 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:17:49.0478 5740 ksthunk - ok
11:17:49.0510 5740 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:17:49.0525 5740 KtmRm - ok
11:17:49.0588 5740 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:17:49.0588 5740 LanmanServer - ok
11:17:49.0650 5740 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:17:49.0650 5740 LanmanWorkstation - ok
11:17:49.0697 5740 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:17:49.0697 5740 lltdio - ok
11:17:49.0728 5740 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:17:49.0744 5740 lltdsvc - ok
11:17:49.0744 5740 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:17:49.0744 5740 lmhosts - ok
11:17:49.0806 5740 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:17:49.0806 5740 LSI_FC - ok
11:17:49.0822 5740 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:17:49.0837 5740 LSI_SAS - ok
11:17:49.0884 5740 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:17:49.0884 5740 LSI_SAS2 - ok
11:17:49.0900 5740 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:17:49.0900 5740 LSI_SCSI - ok
11:17:49.0931 5740 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:17:49.0931 5740 luafv - ok
11:17:49.0946 5740 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:17:49.0946 5740 MBAMProtector - ok
11:17:50.0040 5740 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:17:50.0040 5740 MBAMService - ok
11:17:50.0056 5740 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:17:50.0056 5740 Mcx2Svc - ok
11:17:50.0087 5740 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:17:50.0087 5740 megasas - ok
11:17:50.0118 5740 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:17:50.0118 5740 MegaSR - ok
11:17:50.0134 5740 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:17:50.0134 5740 MMCSS - ok
11:17:50.0149 5740 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:17:50.0149 5740 Modem - ok
11:17:50.0180 5740 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:17:50.0180 5740 monitor - ok
11:17:50.0212 5740 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:17:50.0212 5740 mouclass - ok
11:17:50.0243 5740 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:17:50.0243 5740 mouhid - ok
11:17:50.0274 5740 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:17:50.0274 5740 mountmgr - ok
11:17:50.0321 5740 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:17:50.0321 5740 mpio - ok
11:17:50.0336 5740 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:17:50.0336 5740 mpsdrv - ok
11:17:50.0383 5740 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:17:50.0383 5740 MpsSvc - ok
11:17:50.0399 5740 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:17:50.0399 5740 MRxDAV - ok
11:17:50.0430 5740 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:17:50.0430 5740 mrxsmb - ok
11:17:50.0477 5740 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:17:50.0477 5740 mrxsmb10 - ok
11:17:50.0492 5740 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:17:50.0492 5740 mrxsmb20 - ok
11:17:50.0508 5740 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:17:50.0524 5740 msahci - ok
11:17:50.0555 5740 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:17:50.0555 5740 msdsm - ok
11:17:50.0586 5740 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:17:50.0586 5740 MSDTC - ok
11:17:50.0617 5740 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:17:50.0617 5740 Msfs - ok
11:17:50.0617 5740 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:17:50.0617 5740 mshidkmdf - ok
11:17:50.0648 5740 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:17:50.0648 5740 msisadrv - ok
11:17:50.0664 5740 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:17:50.0680 5740 MSiSCSI - ok
11:17:50.0711 5740 msiserver - ok
11:17:50.0758 5740 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:17:50.0758 5740 MSKSSRV - ok
11:17:50.0773 5740 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:17:50.0773 5740 MSPCLOCK - ok
11:17:50.0789 5740 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:17:50.0789 5740 MSPQM - ok
11:17:50.0804 5740 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:17:50.0820 5740 MsRPC - ok
11:17:50.0836 5740 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:17:50.0836 5740 mssmbios - ok
11:17:50.0836 5740 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:17:50.0836 5740 MSTEE - ok
11:17:50.0851 5740 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:17:50.0851 5740 MTConfig - ok
11:17:50.0851 5740 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:17:50.0867 5740 Mup - ok
11:17:50.0882 5740 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:17:50.0898 5740 napagent - ok
11:17:50.0945 5740 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:17:50.0960 5740 NativeWifiP - ok
11:17:51.0054 5740 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120404.019\ENG64.SYS
11:17:51.0054 5740 NAVENG - ok
11:17:51.0101 5740 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120404.019\EX64.SYS
11:17:51.0116 5740 NAVEX15 - ok
11:17:51.0194 5740 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:17:51.0210 5740 NDIS - ok
11:17:51.0288 5740 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:17:51.0288 5740 NdisCap - ok
11:17:51.0335 5740 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:17:51.0335 5740 NdisTapi - ok
11:17:51.0366 5740 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:17:51.0366 5740 Ndisuio - ok
11:17:51.0382 5740 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:17:51.0397 5740 NdisWan - ok
11:17:51.0413 5740 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:17:51.0413 5740 NDProxy - ok
11:17:51.0460 5740 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:17:51.0475 5740 NetBIOS - ok
11:17:51.0491 5740 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:17:51.0506 5740 NetBT - ok
11:17:51.0538 5740 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:51.0538 5740 Netlogon - ok
11:17:51.0600 5740 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:17:51.0616 5740 Netman - ok
11:17:51.0694 5740 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0694 5740 NetMsmqActivator - ok
11:17:51.0709 5740 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0709 5740 NetPipeActivator - ok
11:17:51.0756 5740 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:17:51.0772 5740 netprofm - ok
11:17:51.0787 5740 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0787 5740 NetTcpActivator - ok
11:17:51.0787 5740 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:51.0787 5740 NetTcpPortSharing - ok
11:17:51.0865 5740 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:17:51.0865 5740 nfrd960 - ok
11:17:51.0959 5740 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
11:17:51.0974 5740 NIS - ok
11:17:52.0006 5740 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:17:52.0006 5740 NlaSvc - ok
11:17:52.0099 5740 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
11:17:52.0146 5740 NOBU - ok
11:17:52.0177 5740 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:17:52.0177 5740 Npfs - ok
11:17:52.0208 5740 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:17:52.0208 5740 nsi - ok
11:17:52.0240 5740 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:17:52.0240 5740 nsiproxy - ok
11:17:52.0286 5740 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:17:52.0302 5740 Ntfs - ok
11:17:52.0333 5740 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:17:52.0333 5740 Null - ok
11:17:52.0614 5740 nvlddmkm (cd90d63b7161ce9f5a3066f320999ab8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:17:52.0786 5740 nvlddmkm - ok
11:17:52.0895 5740 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:17:52.0895 5740 nvraid - ok
11:17:52.0926 5740 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:17:52.0926 5740 nvstor - ok
11:17:53.0004 5740 nvsvc (b014b7050a2beae115bfcb3a91803d73) C:\Windows\system32\nvvsvc.exe
11:17:53.0020 5740 nvsvc - ok
11:17:53.0035 5740 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:17:53.0035 5740 nv_agp - ok
11:17:53.0051 5740 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:17:53.0066 5740 ohci1394 - ok
11:17:53.0098 5740 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:17:53.0098 5740 ose - ok
11:17:53.0238 5740 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:17:53.0285 5740 osppsvc - ok
11:17:53.0347 5740 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:17:53.0363 5740 p2pimsvc - ok
11:17:53.0378 5740 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:17:53.0394 5740 p2psvc - ok
11:17:53.0456 5740 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:17:53.0456 5740 Parport - ok
11:17:53.0488 5740 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:17:53.0488 5740 partmgr - ok
11:17:53.0488 5740 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:17:53.0503 5740 PcaSvc - ok
11:17:53.0566 5740 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:17:53.0566 5740 pci - ok
11:17:53.0628 5740 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:17:53.0628 5740 pciide - ok
11:17:53.0659 5740 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:17:53.0659 5740 pcmcia - ok
11:17:53.0675 5740 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:17:53.0675 5740 pcw - ok
11:17:53.0737 5740 pdfcDispatcher - ok
11:17:53.0784 5740 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:17:53.0800 5740 PEAUTH - ok
11:17:53.0846 5740 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:17:53.0846 5740 PerfHost - ok
11:17:53.0893 5740 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:17:53.0909 5740 pla - ok
11:17:53.0971 5740 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:17:53.0987 5740 PlugPlay - ok
11:17:54.0034 5740 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:17:54.0049 5740 PNRPAutoReg - ok
11:17:54.0065 5740 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:17:54.0065 5740 PNRPsvc - ok
11:17:54.0112 5740 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:17:54.0112 5740 PolicyAgent - ok
11:17:54.0143 5740 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:17:54.0143 5740 Power - ok
11:17:54.0221 5740 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:17:54.0221 5740 PptpMiniport - ok
11:17:54.0236 5740 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:17:54.0252 5740 Processor - ok
11:17:54.0268 5740 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:17:54.0268 5740 ProfSvc - ok
11:17:54.0283 5740 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:54.0283 5740 ProtectedStorage - ok
11:17:54.0299 5740 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:17:54.0314 5740 Psched - ok
11:17:54.0346 5740 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:17:54.0361 5740 ql2300 - ok
11:17:54.0408 5740 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:17:54.0408 5740 ql40xx - ok
11:17:54.0486 5740 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:17:54.0486 5740 QWAVE - ok
11:17:54.0533 5740 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:17:54.0533 5740 QWAVEdrv - ok
11:17:54.0548 5740 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:17:54.0548 5740 RasAcd - ok
11:17:54.0580 5740 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:17:54.0580 5740 RasAgileVpn - ok
11:17:54.0580 5740 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:17:54.0595 5740 RasAuto - ok
11:17:54.0611 5740 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:17:54.0611 5740 Rasl2tp - ok
11:17:54.0626 5740 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:17:54.0626 5740 RasMan - ok
11:17:54.0704 5740 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:17:54.0704 5740 RasPppoe - ok
11:17:54.0720 5740 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:17:54.0720 5740 RasSstp - ok
11:17:54.0751 5740 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:17:54.0751 5740 rdbss - ok
11:17:54.0767 5740 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:17:54.0767 5740 rdpbus - ok
11:17:54.0782 5740 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:17:54.0782 5740 RDPCDD - ok
11:17:54.0798 5740 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:17:54.0798 5740 RDPENCDD - ok
11:17:54.0814 5740 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:17:54.0814 5740 RDPREFMP - ok
11:17:54.0845 5740 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:17:54.0845 5740 RDPWD - ok
11:17:54.0860 5740 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:17:54.0860 5740 rdyboost - ok
11:17:54.0892 5740 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:17:54.0892 5740 RemoteAccess - ok
11:17:54.0907 5740 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:17:54.0907 5740 RemoteRegistry - ok
11:17:54.0923 5740 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:17:54.0923 5740 RpcEptMapper - ok
11:17:54.0970 5740 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:17:54.0970 5740 RpcLocator - ok
11:17:55.0001 5740 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:17:55.0016 5740 RpcSs - ok
11:17:55.0016 5740 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:17:55.0032 5740 rspndr - ok
11:17:55.0094 5740 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:17:55.0110 5740 RTL8167 - ok
11:17:55.0126 5740 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:55.0126 5740 SamSs - ok
11:17:55.0157 5740 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:17:55.0172 5740 sbp2port - ok
11:17:55.0188 5740 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:17:55.0188 5740 SCardSvr - ok
11:17:55.0204 5740 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:17:55.0204 5740 scfilter - ok
11:17:55.0250 5740 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:17:55.0266 5740 Schedule - ok
11:17:55.0297 5740 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:17:55.0297 5740 SCPolicySvc - ok
11:17:55.0360 5740 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
11:17:55.0360 5740 sdbus - ok
11:17:55.0438 5740 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:17:55.0438 5740 SDRSVC - ok
11:17:55.0500 5740 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:17:55.0500 5740 SeaPort - ok
11:17:55.0516 5740 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:17:55.0516 5740 secdrv - ok
11:17:55.0531 5740 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:17:55.0547 5740 seclogon - ok
11:17:55.0562 5740 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:17:55.0562 5740 SENS - ok
11:17:55.0609 5740 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:17:55.0609 5740 SensrSvc - ok
11:17:55.0672 5740 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:17:55.0672 5740 Serenum - ok
11:17:55.0734 5740 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:17:55.0734 5740 Serial - ok
11:17:55.0750 5740 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:17:55.0765 5740 sermouse - ok
11:17:55.0781 5740 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:17:55.0781 5740 SessionEnv - ok
11:17:55.0843 5740 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:17:55.0843 5740 sffdisk - ok
11:17:55.0874 5740 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:17:55.0874 5740 sffp_mmc - ok
11:17:55.0890 5740 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:17:55.0890 5740 sffp_sd - ok
11:17:55.0906 5740 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:17:55.0906 5740 sfloppy - ok
11:17:55.0937 5740 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:17:55.0952 5740 Sftfs - ok
11:17:55.0999 5740 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:17:56.0015 5740 sftlist - ok
11:17:56.0030 5740 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:17:56.0030 5740 Sftplay - ok
11:17:56.0046 5740 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:17:56.0062 5740 Sftredir - ok
11:17:56.0062 5740 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:17:56.0062 5740 Sftvol - ok
11:17:56.0077 5740 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:17:56.0093 5740 sftvsa - ok
11:17:56.0124 5740 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:17:56.0124 5740 SharedAccess - ok
11:17:56.0171 5740 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:17:56.0186 5740 ShellHWDetection - ok
11:17:56.0280 5740 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:17:56.0280 5740 SiSRaid2 - ok
11:17:56.0296 5740 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:17:56.0296 5740 SiSRaid4 - ok
11:17:56.0358 5740 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:17:56.0358 5740 Smb - ok
11:17:56.0420 5740 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:17:56.0420 5740 SNMPTRAP - ok
11:17:56.0436 5740 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:17:56.0436 5740 spldr - ok
11:17:56.0467 5740 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:17:56.0498 5740 Spooler - ok
11:17:56.0639 5740 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:17:56.0670 5740 sppsvc - ok
11:17:56.0701 5740 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:17:56.0701 5740 sppuinotify - ok
11:17:56.0810 5740 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
11:17:56.0826 5740 SRTSP - ok
11:17:56.0888 5740 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
11:17:56.0888 5740 SRTSPX - ok
11:17:56.0920 5740 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:17:56.0935 5740 srv - ok
11:17:56.0951 5740 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:17:56.0951 5740 srv2 - ok
11:17:56.0966 5740 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:17:56.0982 5740 srvnet - ok
11:17:57.0044 5740 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:17:57.0044 5740 SSDPSRV - ok
11:17:57.0060 5740 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:17:57.0076 5740 SstpSvc - ok
11:17:57.0169 5740 Stereo Service (218d527116a4dc9ebae3b1832da01c54) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:17:57.0169 5740 Stereo Service - ok
11:17:57.0216 5740 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:17:57.0216 5740 stexstor - ok
11:17:57.0310 5740 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:17:57.0310 5740 StillCam - ok
11:17:57.0372 5740 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:17:57.0388 5740 stisvc - ok
11:17:57.0403 5740 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:17:57.0403 5740 swenum - ok
11:17:57.0419 5740 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:17:57.0434 5740 swprv - ok
11:17:57.0528 5740 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
11:17:57.0544 5740 SymDS - ok
11:17:57.0590 5740 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
11:17:57.0622 5740 SymEFA - ok
11:17:57.0684 5740 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:17:57.0684 5740 SymEvent - ok
11:17:57.0715 5740 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
11:17:57.0731 5740 SymIRON - ok
11:17:57.0778 5740 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
11:17:57.0793 5740 SymNetS - ok
11:17:57.0856 5740 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:17:57.0887 5740 SysMain - ok
11:17:57.0902 5740 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:17:57.0902 5740 TabletInputService - ok
11:17:57.0918 5740 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:17:57.0918 5740 TapiSrv - ok
11:17:57.0934 5740 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:17:57.0949 5740 TBS - ok
11:17:57.0996 5740 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:17:58.0027 5740 Tcpip - ok
11:17:58.0058 5740 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:17:58.0074 5740 TCPIP6 - ok
11:17:58.0121 5740 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:17:58.0121 5740 tcpipreg - ok
11:17:58.0136 5740 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:17:58.0136 5740 TDPIPE - ok
11:17:58.0152 5740 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:17:58.0152 5740 TDTCP - ok
11:17:58.0168 5740 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:17:58.0168 5740 tdx - ok
11:17:58.0199 5740 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:17:58.0199 5740 TermDD - ok
11:17:58.0261 5740 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:17:58.0277 5740 TermService - ok
11:17:58.0308 5740 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:17:58.0308 5740 Themes - ok
11:17:58.0339 5740 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:17:58.0339 5740 THREADORDER - ok
11:17:58.0355 5740 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:17:58.0355 5740 TrkWks - ok
11:17:58.0402 5740 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:17:58.0402 5740 TrustedInstaller - ok
11:17:58.0402 5740 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:17:58.0402 5740 tssecsrv - ok
11:17:58.0417 5740 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:17:58.0417 5740 TsUsbFlt - ok
11:17:58.0448 5740 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:17:58.0448 5740 TsUsbGD - ok
11:17:58.0542 5740 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:17:58.0542 5740 tunnel - ok
11:17:58.0558 5740 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:17:58.0558 5740 uagp35 - ok
11:17:58.0589 5740 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:17:58.0589 5740 udfs - ok
11:17:58.0604 5740 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:17:58.0620 5740 UI0Detect - ok
11:17:58.0636 5740 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:17:58.0636 5740 uliagpkx - ok
11:17:58.0729 5740 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:17:58.0729 5740 umbus - ok
11:17:58.0760 5740 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:17:58.0760 5740 UmPass - ok
11:17:58.0792 5740 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:17:58.0807 5740 upnphost - ok
11:17:58.0823 5740 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:17:58.0823 5740 usbccgp - ok
11:17:58.0838 5740 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:17:58.0838 5740 usbcir - ok
11:17:58.0854 5740 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:17:58.0854 5740 usbehci - ok
11:17:58.0885 5740 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\drivers\usbfilter.sys
11:17:58.0885 5740 usbfilter - ok
11:17:58.0948 5740 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
11:17:58.0948 5740 usbhub - ok
11:17:58.0963 5740 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:17:58.0963 5740 usbohci - ok
11:17:58.0979 5740 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:17:58.0979 5740 usbprint - ok
11:17:59.0041 5740 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:17:59.0041 5740 usbscan - ok
11:17:59.0072 5740 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:17:59.0072 5740 USBSTOR - ok
11:17:59.0119 5740 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:17:59.0119 5740 usbuhci - ok
11:17:59.0135 5740 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:17:59.0150 5740 UxSms - ok
11:17:59.0166 5740 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:59.0166 5740 VaultSvc - ok
11:17:59.0228 5740 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:17:59.0228 5740 vdrvroot - ok
11:17:59.0275 5740 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:17:59.0291 5740 vds - ok
11:17:59.0322 5740 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:17:59.0322 5740 vga - ok
11:17:59.0338 5740 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:17:59.0338 5740 VgaSave - ok
11:17:59.0369 5740 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:17:59.0369 5740 vhdmp - ok
11:17:59.0384 5740 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:17:59.0384 5740 viaide - ok
11:17:59.0400 5740 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:17:59.0416 5740 volmgr - ok
11:17:59.0431 5740 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:17:59.0447 5740 volmgrx - ok
11:17:59.0462 5740 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
11:17:59.0462 5740 volsnap - ok
11:17:59.0572 5740 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:17:59.0572 5740 vsmraid - ok
11:17:59.0618 5740 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:17:59.0650 5740 VSS - ok
11:17:59.0665 5740 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:17:59.0665 5740 vwifibus - ok
11:17:59.0681 5740 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:17:59.0696 5740 W32Time - ok
11:17:59.0712 5740 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:17:59.0712 5740 WacomPen - ok
11:17:59.0743 5740 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:17:59.0743 5740 WANARP - ok
11:17:59.0743 5740 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:17:59.0743 5740 Wanarpv6 - ok
11:17:59.0821 5740 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:17:59.0852 5740 WatAdminSvc - ok
11:17:59.0899 5740 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:17:59.0915 5740 wbengine - ok
11:17:59.0915 5740 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:17:59.0930 5740 WbioSrvc - ok
11:17:59.0930 5740 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:17:59.0946 5740 wcncsvc - ok
11:17:59.0993 5740 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:17:59.0993 5740 WcsPlugInService - ok
11:18:00.0040 5740 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:18:00.0040 5740 Wd - ok
11:18:00.0071 5740 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:18:00.0086 5740 Wdf01000 - ok
11:18:00.0102 5740 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:18:00.0102 5740 WdiServiceHost - ok
11:18:00.0102 5740 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:18:00.0118 5740 WdiSystemHost - ok
11:18:00.0133 5740 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:18:00.0133 5740 WebClient - ok
11:18:00.0149 5740 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:18:00.0149 5740 Wecsvc - ok
11:18:00.0164 5740 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:18:00.0164 5740 wercplsupport - ok
11:18:00.0180 5740 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:18:00.0180 5740 WerSvc - ok
11:18:00.0211 5740 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:18:00.0211 5740 WfpLwf - ok
11:18:00.0227 5740 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:18:00.0227 5740 WIMMount - ok
11:18:00.0258 5740 WinDefend - ok
11:18:00.0258 5740 WinHttpAutoProxySvc - ok
11:18:00.0320 5740 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:18:00.0320 5740 Winmgmt - ok
11:18:00.0367 5740 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:18:00.0398 5740 WinRM - ok
11:18:00.0476 5740 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:18:00.0508 5740 Wlansvc - ok
11:18:00.0570 5740 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:18:00.0586 5740 wlcrasvc - ok
11:18:00.0664 5740 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:18:00.0679 5740 wlidsvc - ok
11:18:00.0726 5740 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:18:00.0726 5740 WmiAcpi - ok
11:18:00.0788 5740 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:18:00.0804 5740 wmiApSrv - ok
11:18:00.0820 5740 WMPNetworkSvc - ok
11:18:00.0898 5740 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:18:00.0898 5740 WPCSvc - ok
11:18:00.0913 5740 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:18:00.0913 5740 WPDBusEnum - ok
11:18:00.0944 5740 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:18:00.0944 5740 ws2ifsl - ok
11:18:00.0960 5740 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:18:00.0960 5740 wscsvc - ok
11:18:00.0960 5740 WSearch - ok
11:18:01.0022 5740 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:18:01.0038 5740 wuauserv - ok
11:18:01.0054 5740 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:18:01.0054 5740 WudfPf - ok
11:18:01.0069 5740 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:18:01.0069 5740 WUDFRd - ok
11:18:01.0069 5740 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:18:01.0085 5740 wudfsvc - ok
11:18:01.0100 5740 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:18:01.0100 5740 WwanSvc - ok
11:18:01.0116 5740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:18:01.0256 5740 \Device\Harddisk0\DR0 - ok
11:18:01.0256 5740 Boot (0x1200) (841cdf51d1f6762fe3d7e4f1955fae34) \Device\Harddisk0\DR0\Partition0
11:18:01.0256 5740 \Device\Harddisk0\DR0\Partition0 - ok
11:18:01.0303 5740 Boot (0x1200) (bbd327e0fbf87e66c993a4f6b0b44f3e) \Device\Harddisk0\DR0\Partition1
11:18:01.0303 5740 \Device\Harddisk0\DR0\Partition1 - ok
11:18:01.0334 5740 Boot (0x1200) (87aeaa52d4b072d2796cda6bbebfa595) \Device\Harddisk0\DR0\Partition2
11:18:01.0334 5740 \Device\Harddisk0\DR0\Partition2 - ok
11:18:01.0334 5740 ============================================================
11:18:01.0334 5740 Scan finished
11:18:01.0334 5740 ============================================================
11:18:01.0366 4340 Detected object count: 0
11:18:01.0366 4340 Actual detected object count: 0
11:18:28.0806 4464 ============================================================
11:18:28.0806 4464 Scan started
11:18:28.0806 4464 Mode: Manual; TDLFS;
11:18:28.0806 4464 ============================================================
11:18:29.0071 4464 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:18:29.0071 4464 1394ohci - ok
11:18:29.0102 4464 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:18:29.0102 4464 ACPI - ok
11:18:29.0118 4464 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:18:29.0134 4464 AcpiPmi - ok
11:18:29.0149 4464 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:18:29.0149 4464 adp94xx - ok
11:18:29.0180 4464 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:18:29.0180 4464 adpahci - ok
11:18:29.0196 4464 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:18:29.0196 4464 adpu320 - ok
11:18:29.0227 4464 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:18:29.0227 4464 AeLookupSvc - ok
11:18:29.0258 4464 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:18:29.0258 4464 AFD - ok
11:18:29.0290 4464 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:18:29.0290 4464 agp440 - ok
11:18:29.0290 4464 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:18:29.0290 4464 ALG - ok
11:18:29.0321 4464 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:18:29.0321 4464 aliide - ok
11:18:29.0336 4464 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
Old 04-05-2012, 05:14 PM   #10
11:18:37.0994 4464 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:18:37.0994 4464 RpcLocator - ok
11:18:38.0026 4464 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:18:38.0026 4464 RpcSs - ok
11:18:38.0041 4464 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:18:38.0041 4464 rspndr - ok
11:18:38.0072 4464 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:18:38.0072 4464 RTL8167 - ok
11:18:38.0088 4464 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:18:38.0088 4464 SamSs - ok
11:18:38.0119 4464 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:18:38.0119 4464 sbp2port - ok
11:18:38.0166 4464 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:18:38.0182 4464 SCardSvr - ok
11:18:38.0213 4464 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:18:38.0213 4464 scfilter - ok
11:18:38.0260 4464 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:18:38.0260 4464 Schedule - ok
11:18:38.0291 4464 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:18:38.0291 4464 SCPolicySvc - ok
11:18:38.0322 4464 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
11:18:38.0322 4464 sdbus - ok
11:18:38.0353 4464 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:18:38.0353 4464 SDRSVC - ok
11:18:38.0416 4464 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:18:38.0416 4464 SeaPort - ok
11:18:38.0431 4464 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:18:38.0431 4464 secdrv - ok
11:18:38.0462 4464 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:18:38.0478 4464 seclogon - ok
11:18:38.0494 4464 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:18:38.0494 4464 SENS - ok
11:18:38.0525 4464 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:18:38.0525 4464 SensrSvc - ok
11:18:38.0603 4464 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:18:38.0603 4464 Serenum - ok
11:18:38.0650 4464 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:18:38.0650 4464 Serial - ok
11:18:38.0681 4464 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:18:38.0681 4464 sermouse - ok
11:18:38.0712 4464 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:18:38.0712 4464 SessionEnv - ok
11:18:38.0743 4464 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:18:38.0743 4464 sffdisk - ok
11:18:38.0759 4464 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:18:38.0759 4464 sffp_mmc - ok
11:18:38.0774 4464 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:18:38.0774 4464 sffp_sd - ok
11:18:38.0790 4464 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:18:38.0790 4464 sfloppy - ok
11:18:38.0837 4464 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:18:38.0837 4464 Sftfs - ok
11:18:38.0884 4464 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:18:38.0899 4464 sftlist - ok
11:18:38.0915 4464 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:18:38.0915 4464 Sftplay - ok
11:18:38.0930 4464 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:18:38.0930 4464 Sftredir - ok
11:18:38.0946 4464 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:18:38.0946 4464 Sftvol - ok
11:18:38.0962 4464 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:18:38.0962 4464 sftvsa - ok
11:18:39.0024 4464 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:18:39.0024 4464 SharedAccess - ok
11:18:39.0071 4464 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:18:39.0086 4464 ShellHWDetection - ok
11:18:39.0118 4464 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:18:39.0118 4464 SiSRaid2 - ok
11:18:39.0133 4464 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:18:39.0149 4464 SiSRaid4 - ok
11:18:39.0164 4464 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:18:39.0164 4464 Smb - ok
11:18:39.0180 4464 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:18:39.0180 4464 SNMPTRAP - ok
11:18:39.0196 4464 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:18:39.0196 4464 spldr - ok
11:18:39.0211 4464 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:18:39.0211 4464 Spooler - ok
11:18:39.0274 4464 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:18:39.0289 4464 sppsvc - ok
11:18:39.0305 4464 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:18:39.0305 4464 sppuinotify - ok
11:18:39.0367 4464 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
11:18:39.0383 4464 SRTSP - ok
11:18:39.0445 4464 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
11:18:39.0445 4464 SRTSPX - ok
11:18:39.0492 4464 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:18:39.0492 4464 srv - ok
11:18:39.0508 4464 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:18:39.0523 4464 srv2 - ok
11:18:39.0539 4464 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:18:39.0539 4464 srvnet - ok
11:18:39.0570 4464 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:18:39.0570 4464 SSDPSRV - ok
11:18:39.0586 4464 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:18:39.0586 4464 SstpSvc - ok
11:18:39.0632 4464 Stereo Service (218d527116a4dc9ebae3b1832da01c54) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:18:39.0632 4464 Stereo Service - ok
11:18:39.0648 4464 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:18:39.0664 4464 stexstor - ok
11:18:39.0679 4464 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:18:39.0679 4464 StillCam - ok
11:18:39.0710 4464 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:18:39.0726 4464 stisvc - ok
11:18:39.0788 4464 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:18:39.0788 4464 swenum - ok
11:18:39.0820 4464 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:18:39.0820 4464 swprv - ok
11:18:39.0882 4464 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
11:18:39.0882 4464 SymDS - ok
11:18:39.0913 4464 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
11:18:39.0929 4464 SymEFA - ok
11:18:39.0944 4464 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:18:39.0944 4464 SymEvent - ok
11:18:39.0976 4464 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
11:18:39.0976 4464 SymIRON - ok
11:18:39.0991 4464 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
11:18:39.0991 4464 SymNetS - ok
11:18:40.0022 4464 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:18:40.0038 4464 SysMain - ok
11:18:40.0069 4464 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:18:40.0069 4464 TabletInputService - ok
11:18:40.0085 4464 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:18:40.0085 4464 TapiSrv - ok
11:18:40.0147 4464 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:18:40.0147 4464 TBS - ok
11:18:40.0225 4464 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:18:40.0225 4464 Tcpip - ok
11:18:40.0256 4464 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:18:40.0272 4464 TCPIP6 - ok
11:18:40.0288 4464 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:18:40.0288 4464 tcpipreg - ok
11:18:40.0303 4464 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:18:40.0303 4464 TDPIPE - ok
11:18:40.0334 4464 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:18:40.0334 4464 TDTCP - ok
11:18:40.0334 4464 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:18:40.0334 4464 tdx - ok
11:18:40.0350 4464 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:18:40.0350 4464 TermDD - ok
11:18:40.0381 4464 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:18:40.0381 4464 TermService - ok
11:18:40.0397 4464 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:18:40.0397 4464 Themes - ok
11:18:40.0428 4464 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:18:40.0428 4464 THREADORDER - ok
11:18:40.0444 4464 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:18:40.0444 4464 TrkWks - ok
11:18:40.0506 4464 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:18:40.0522 4464 TrustedInstaller - ok
11:18:40.0600 4464 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:18:40.0600 4464 tssecsrv - ok
11:18:40.0615 4464 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:18:40.0615 4464 TsUsbFlt - ok
11:18:40.0631 4464 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:18:40.0631 4464 TsUsbGD - ok
11:18:40.0662 4464 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:18:40.0662 4464 tunnel - ok
11:18:40.0678 4464 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:18:40.0678 4464 uagp35 - ok
11:18:40.0709 4464 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:18:40.0709 4464 udfs - ok
11:18:40.0740 4464 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:18:40.0740 4464 UI0Detect - ok
11:18:40.0771 4464 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:18:40.0771 4464 uliagpkx - ok
11:18:40.0787 4464 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:18:40.0787 4464 umbus - ok
11:18:40.0802 4464 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:18:40.0802 4464 UmPass - ok
11:18:40.0834 4464 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:18:40.0834 4464 upnphost - ok
11:18:40.0865 4464 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:18:40.0865 4464 usbccgp - ok
11:18:40.0880 4464 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:18:40.0880 4464 usbcir - ok
11:18:40.0896 4464 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:18:40.0896 4464 usbehci - ok
11:18:40.0912 4464 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\drivers\usbfilter.sys
11:18:40.0912 4464 usbfilter - ok
11:18:40.0974 4464 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
11:18:40.0974 4464 usbhub - ok
11:18:41.0021 4464 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:18:41.0021 4464 usbohci - ok
11:18:41.0036 4464 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:18:41.0036 4464 usbprint - ok
11:18:41.0068 4464 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:18:41.0068 4464 usbscan - ok
11:18:41.0083 4464 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:18:41.0083 4464 USBSTOR - ok
11:18:41.0099 4464 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:18:41.0099 4464 usbuhci - ok
11:18:41.0130 4464 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:18:41.0130 4464 UxSms - ok
11:18:41.0146 4464 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:18:41.0146 4464 VaultSvc - ok
11:18:41.0177 4464 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:18:41.0177 4464 vdrvroot - ok
11:18:41.0192 4464 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:18:41.0192 4464 vds - ok
11:18:41.0208 4464 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:18:41.0208 4464 vga - ok
11:18:41.0224 4464 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:18:41.0224 4464 VgaSave - ok
11:18:41.0239 4464 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:18:41.0239 4464 vhdmp - ok
11:18:41.0302 4464 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:18:41.0302 4464 viaide - ok
11:18:41.0317 4464 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:18:41.0317 4464 volmgr - ok
11:18:41.0348 4464 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:18:41.0348 4464 volmgrx - ok
11:18:41.0380 4464 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
11:18:41.0380 4464 volsnap - ok
11:18:41.0395 4464 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:18:41.0395 4464 vsmraid - ok
11:18:41.0426 4464 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:18:41.0442 4464 VSS - ok
11:18:41.0458 4464 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:18:41.0458 4464 vwifibus - ok
11:18:41.0504 4464 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:18:41.0504 4464 W32Time - ok
11:18:41.0520 4464 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:18:41.0520 4464 WacomPen - ok
11:18:41.0536 4464 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:18:41.0536 4464 WANARP - ok
11:18:41.0536 4464 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:18:41.0536 4464 Wanarpv6 - ok
11:18:41.0598 4464 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:18:41.0614 4464 WatAdminSvc - ok
11:18:41.0645 4464 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:18:41.0660 4464 wbengine - ok
11:18:41.0738 4464 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:18:41.0754 4464 WbioSrvc - ok
11:18:41.0770 4464 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:18:41.0785 4464 wcncsvc - ok
11:18:41.0801 4464 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:18:41.0801 4464 WcsPlugInService - ok
11:18:41.0832 4464 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:18:41.0832 4464 Wd - ok
11:18:41.0863 4464 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:18:41.0863 4464 Wdf01000 - ok
11:18:41.0879 4464 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:18:41.0879 4464 WdiServiceHost - ok
11:18:41.0879 4464 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:18:41.0879 4464 WdiSystemHost - ok
11:18:41.0894 4464 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:18:41.0894 4464 WebClient - ok
11:18:41.0926 4464 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:18:41.0941 4464 Wecsvc - ok
11:18:41.0957 4464 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:18:41.0957 4464 wercplsupport - ok
11:18:41.0972 4464 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:18:41.0972 4464 WerSvc - ok
11:18:41.0988 4464 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:18:41.0988 4464 WfpLwf - ok
11:18:41.0988 4464 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:18:41.0988 4464 WIMMount - ok
11:18:42.0019 4464 WinDefend - ok
11:18:42.0019 4464 WinHttpAutoProxySvc - ok
11:18:42.0082 4464 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:18:42.0082 4464 Winmgmt - ok
11:18:42.0175 4464 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:18:42.0191 4464 WinRM - ok
11:18:42.0238 4464 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:18:42.0253 4464 Wlansvc - ok
11:18:42.0300 4464 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:18:42.0300 4464 wlcrasvc - ok
11:18:42.0362 4464 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:18:42.0394 4464 wlidsvc - ok
11:18:42.0409 4464 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:18:42.0409 4464 WmiAcpi - ok
11:18:42.0503 4464 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:18:42.0503 4464 wmiApSrv - ok
11:18:42.0534 4464 WMPNetworkSvc - ok
11:18:42.0612 4464 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:18:42.0612 4464 WPCSvc - ok
11:18:42.0628 4464 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:18:42.0643 4464 WPDBusEnum - ok
11:18:42.0659 4464 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:18:42.0659 4464 ws2ifsl - ok
11:18:42.0690 4464 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:18:42.0706 4464 wscsvc - ok
11:18:42.0706 4464 WSearch - ok
11:18:42.0752 4464 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:18:42.0768 4464 wuauserv - ok
11:18:42.0784 4464 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:18:42.0784 4464 WudfPf - ok
11:18:42.0799 4464 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:18:42.0799 4464 WUDFRd - ok
11:18:42.0815 4464 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:18:42.0815 4464 wudfsvc - ok
11:18:42.0830 4464 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:18:42.0830 4464 WwanSvc - ok
11:18:42.0846 4464 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:18:42.0986 4464 \Device\Harddisk0\DR0 - ok
11:18:43.0002 4464 Boot (0x1200) (841cdf51d1f6762fe3d7e4f1955fae34) \Device\Harddisk0\DR0\Partition0
11:18:43.0002 4464 \Device\Harddisk0\DR0\Partition0 - ok
11:18:43.0049 4464 Boot (0x1200) (bbd327e0fbf87e66c993a4f6b0b44f3e) \Device\Harddisk0\DR0\Partition1
11:18:43.0049 4464 \Device\Harddisk0\DR0\Partition1 - ok
11:18:43.0080 4464 Boot (0x1200) (87aeaa52d4b072d2796cda6bbebfa595) \Device\Harddisk0\DR0\Partition2
11:18:43.0080 4464 \Device\Harddisk0\DR0\Partition2 - ok
11:18:43.0080 4464 ============================================================
11:18:43.0080 4464 Scan finished
11:18:43.0080 4464 ============================================================
11:18:43.0111 4928 Detected object count: 0
11:18:43.0111 4928 Actual detected object count: 0
11:18:46.0715 5264 Deinitialize success
__________________
scottietwenty3 is offline  
Old 04-05-2012, 05:18 PM   #11
Registered Member
 



Hi

I will complete and post all steps in your post 8 upon my return from a family function. Found Taskkiller log in my C drive from yesterday. I intend to remove Norton and replace with MSE as you outlined in an earlier post on completion of green light from you for a clean machine.

Cheers
__________________
scottietwenty3 is offline  
Old 04-06-2012, 03:54 AM   #12
Registered Member
 
Join Date: Aug 2009
Location: Australia
Posts: 153
OS: XP Home Edition SP3, Windows 7 Home Premium SP1 64bit



Hi there

I followed all your instructions in post 8: ComboFix installed and all AV/Real Time scanners disabled. I ran ComboFix for 1 hour and the first 4 stages loaded/completed within 5 mins or so but it did not move past stage 4? I then tried again for another 50 mins and once again it did not move past stage 4 (it seems to stall/hang after stage 4 or something). I followed your instructions to the letter & printed out the Bleeping Computer guide for running ComboFix in your link (so no mouse clicking etc).

I sure hope that, as my new PC won't go past stage 4 even after an hour, it's not a sign of some massive problem? As it says it should take less than 10 mins but for badly affected machines this can easily double.

I await your advice and cheers.
__________________
scottietwenty3 is offline  
Old 04-06-2012, 05:54 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,684
OS: XP, Vista, Win7



Hi,

It may not be an indication of a huge problem; try running it in Safe Mode.

If it still gets hung up in safe mode as well, then run it with the following switch


Press the WinKey + R to open a run box:

Copy/paste the following text into the open run box > Click OK

ComboFix /nombr



To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 04-06-2012, 06:53 AM   #14
Registered Member
 
Join Date: Aug 2009
Location: Australia
Posts: 153
OS: XP Home Edition SP3, Windows 7 Home Premium SP1 64bit



Hi

Could not get Safe Mode to even bring up the blue box, but ComboFix /nombr in the run box worked like a charm.

ComboFix 12-04-06.01 - scottie's computer 06/04/2012 23:01:39.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4083.2907 [GMT 9.5:30]
Running from: c:\users\scottie's computer\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SCOTTI~1\AppData\Local\Temp\{1F4912AC-459E-47E7-B368-1A796AA067D0}\fpb.tmp
c:\users\scottie's computer\AppData\Local\Temp\{1F4912AC-459E-47E7-B368-1A796AA067D0}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 13:36 . 2012-04-06 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 13:11 . 2012-04-06 13:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-06 13:11 . 2012-04-06 13:11 -------- d-----w- c:\program files (x86)\Java
2012-04-06 08:38 . 2012-04-06 08:38 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-04-06 08:37 . 2012-04-06 13:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-06 08:19 . 2012-04-06 08:19 -------- d-----w- c:\programdata\Virtualized Applications
2012-04-05 22:47 . 2012-04-05 22:47 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 03:43 . 2012-04-04 14:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-01 03:43 . 2012-04-01 03:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-30 13:41 . 2012-03-30 13:41 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 13:41 . 2012-04-04 13:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-30 13:41 . 2011-12-10 05:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-25 12:56 . 2012-03-25 12:56 -------- d-----w- c:\program files (x86)\Microsoft Research
2012-03-24 13:53 . 2012-03-26 07:44 -------- d-----w- c:\programdata\Recovery
2012-03-24 13:48 . 2012-04-04 14:22 -------- d-----w- c:\windows\system32\Macromed
2012-03-24 05:25 . 2012-03-24 05:38 -------- d-----w- c:\programdata\VirtualizedApplications
2012-03-24 04:30 . 2012-04-04 13:23 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-24 02:00 . 2012-03-24 02:14 -------- d-----w- c:\programdata\HP Photo Creations
2012-03-24 02:00 . 2012-03-24 02:00 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-03-24 02:00 . 2012-03-24 02:00 -------- d-----w- c:\program files (x86)\Coupons
2012-03-24 01:59 . 2010-11-16 10:54 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll
2012-03-24 01:59 . 2012-03-24 01:59 -------- d-----w- c:\programdata\HP
2012-03-24 01:52 . 2012-03-24 01:52 -------- d-----r- C:\MSOCache
2012-03-24 01:46 . 2012-03-24 22:29 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-03-24 01:16 . 2012-03-24 01:16 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-03-24 01:11 . 2012-03-24 01:11 -------- d-----w- c:\programdata\MusicStation
2012-03-24 01:11 . 2012-03-24 01:11 -------- d-----w- c:\program files (x86)\MusicStation
2012-03-24 01:11 . 2012-03-24 01:12 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-24 01:11 . 2012-03-24 01:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-03-24 01:11 . 2012-03-24 01:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-24 01:11 . 2012-03-24 01:11 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-24 01:09 . 2012-03-24 01:06 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-03-23 23:21 . 2012-03-23 23:21 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-23 23:21 . 2012-03-23 23:21 -------- d-----w- c:\windows\system32\Wat
2012-03-23 23:12 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-23 23:12 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-23 23:12 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-23 22:37 . 2012-03-23 22:37 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-22 22:13 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-03-22 13:34 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-22 13:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-22 13:34 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 13:34 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-22 13:34 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-22 13:34 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-22 13:34 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-22 13:33 . 2012-04-05 12:02 -------- d-----w- c:\users\scottie's computer
2012-03-22 13:33 . 2012-03-22 13:33 -------- d-----w- c:\program files (x86)\Microsoft Mathematics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 22:47 . 2011-11-30 23:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-27 22:26 . 2011-12-01 00:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-24 01:06 . 2010-09-08 23:48 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-24 01:06 . 2010-09-08 23:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-24 01:06 . 2010-09-08 23:49 61544 ----a-w- c:\windows\system32\nvshext.dll
2012-03-24 01:06 . 2010-09-08 23:48 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2012-03-24 01:06 . 2010-09-08 23:48 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-24 01:06 . 2010-09-08 23:49 6301288 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-24 01:06 . 2011-11-30 23:44 8865896 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-24 01:06 . 2011-11-30 23:44 6556776 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-24 01:06 . 2011-11-30 23:44 15225960 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-24 01:06 . 2011-11-30 23:44 11994216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-24 01:06 . 2011-11-30 23:44 2645608 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-22 13:33 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\scottie's computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-16 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120405.002\IDSvia64.sys [2012-04-03 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-04 378472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-22 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:47]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2227199749-3598684527-2827923799-1000Core.job
- c:\users\scottie's computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 13:44]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2227199749-3598684527-2827923799-1000UA.job
- c:\users\scottie's computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 13:44]
.
2012-04-05 c:\windows\Tasks\HPCeeScheduleForscottie's computer.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-04 c:\windows\Tasks\HPCeeScheduleForSCOTTIESPC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-04-06 23:10:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 13:40
.
Pre-Run: 945,738,850,304 bytes free
Post-Run: 946,006,249,472 bytes free
.
- - End Of File - - 17DE33FA8596D363EEA41C532FF3C686
__________________
scottietwenty3 is offline  
Old 04-06-2012, 07:05 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,684
OS: XP, Vista, Win7



Hi,

Please run the following:
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 04-06-2012, 08:09 AM   #16



Hi

I have run MBAM pls checked for updates, log below. Note I was not given the option to click OK to show results. So I could do the step you highlighted in blue starts with Make sure that....

So I could not do any disinfection etc.

Note also the note you had in green re MBAM encounters a file...
Same as above, no option to be able to carry out same as per above.

Also ESETSCAN to follow next post, then off to bed for me, this ESET scan is taking far longer than I thought.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.04.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
scottie's computer :: SCOTTIESPC [administrator]

Protection: Enabled

6/04/2012 11:47:37 PM
mbam-log-2012-04-06 (23-47-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200791
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
__________________
scottietwenty3 is offline  
Old 04-06-2012, 08:51 AM   #17



Hi

ESET scan all done. Note there was no option to press the LIST OF THREATS FOUND button on scan completion.

So I wasn't given the option to export etc. and there is no log.

However it ran in full and no threats were found. I was not able to copy/paste that for you, so I wrote down what it said.

Scanned Files 116224
Infected 0
Cleaned Files 0
Scan Time 1:01:53
Scan Status - Finish
__________________
scottietwenty3 is offline  
Old 04-06-2012, 02:42 PM   #18



Hi,

Well, the machine appears to be clean. As long as you have changed all your online passwords, you should be fine.

We just need to clean up our tools now. Please do the following:


You can delete the TDSSKiller, DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.




If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • If it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
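
An added example, not part of the post above or of any tool named in the thread: a PowerShell check that reads the current user's Internet zone settings and reports whether the ActiveX options from the "Make Internet Explorer more secure" step are set as recommended. It assumes the per-user zone key is in effect (no Group Policy override) and reads "the first two options" as the signed and unsigned download settings; the function name Get-ActiveXZoneAudit is hypothetical.

```powershell
# Added example: audit the Internet zone ActiveX settings recommended in the post.
# Assumption: per-user zone settings are in effect (no Group Policy override under
# HKLM\SOFTWARE\Policies), so the values live under the HKCU Zones\3 key.
$InternetZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action numbers used by Internet Explorer, with the setting the post asks for.
# Stored DWORD meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = @(
    @{ Action = '1001'; Option = 'Download signed ActiveX controls'; Want = 1 },
    @{ Action = '1004'; Option = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Action = '1201'; Option = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$SettingName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneAudit {
    param([string]$Path = $InternetZoneKey)

    # A missing key or value means the zone falls back to its template default.
    $zone = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($item in $Recommended) {
        $raw = $null
        if ($zone) { $raw = $zone.($item.Action) }

        if ($null -eq $raw) {
            $current = 'Not set'
        } elseif ($SettingName.ContainsKey([int]$raw)) {
            $current = $SettingName[[int]$raw]
        } else {
            $current = "Other ($raw)"
        }

        New-Object PSObject -Property @{
            Option      = $item.Option
            Current     = $current
            Recommended = $SettingName[$item.Want]
            Compliant   = ($raw -eq $item.Want)
        } | Select-Object Option, Current, Recommended, Compliant
    }
}

# Read-only report; nothing in the registry is changed.
Get-ActiveXZoneAudit | Format-Table -AutoSize -Wrap
```

Any row with Compliant = False points at the option to revisit in Internet Options > Security > Custom level.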
Old 04-06-2012, 04:07 PM   #19



Hey CB

No need to thank me - I'm the one needing to do the thanking.

Can I just ask a couple of questions first, thanks.

What was wrong/what was found? As before posting this thread for help, MBAM & Norton full scans found nothing. I really just want to know for curiosity and also to educate myself, as I learn from these types of forums on the matter. I will also change my passwords again now I know this PC is clean. I will look at those password keeper programs, I'm just thinking how safe and secure are they really? As they would be very useful.

I have worked my way down your post and done everything up to and including TFC. Is this similar to say CC cleaner that I have on my XP laptop?

I will work my way through the other suggestions and further reading as soon as I can in my own time.

I did do some research while in this cleaning process and had read about WOT but I'm a little confused. I realise you don't use IE but this PC runs IE9 and my XP laptop runs IE8. Microsoft has what they call smart filter in IE8 and above, and from what I have read my understanding is that it works just like WOT and indicates if a site is safe. Is that correct? Do I need WOT in addition to IE8/9 in my case?

Lastly thanks heaps once again :) I'm very seriously thinking of putting MSE on both my computers, it's more so a case of when. This new PC only came with a quite short free subscription to Norton and I'm happy to uninstall as per your instruction/guide much earlier in this thread if you recommend MSE as a better free security suite than my current AV. On MSE, as I have never used it, am I correct it's a security suite, e.g. AV/firewall (not sure if it comes with more features), e.g. safe for online banking/shopping/email as well. If it ticks those boxes and is recommended I might as well run it on both networked computers.
__________________
scottietwenty3 is offline  
Old 04-06-2012, 04:16 PM   #20



Hi,

There were a couple of infected files found in your temp folders (see the ComboFix deletions). I suspect your problems came from a phishing site.

https://cms.paypal.com/ca/cgi-bin/?c...urity/phishing

Yes, TFC is similar to CC Cleaner (just don't use the registry cleaner component, it isn't needed).

You probably don't need WOT if you are using IE9. I like it myself as it blocks access to a bad site with a large warning window.

I really like MSE and use it on all my computers, but there are a few very good antivirus products out there.

Free products to check out > Avira AntiVir or Avast, excellent paid product > ESET or Kaspersky

MSE doesn't come with a Firewall, but works in conjunction with the Windows Firewall.

If you have a secured router, you should be fine with MSE and the Windows firewall. I also use the paid version of Malwarebytes.

You need to try a couple of different combinations and products to see what suits your system the best (only use one AV product at a time though).

__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
 


Copyright 2001 - 2014, Tech Support Forum
